[c-nsp] Remote LAN (IPsec) to Client (anyconnect) w/ ASA
Justin M. Streiner
streiner at cluebyfour.org
Wed Apr 27 11:19:35 EDT 2011
On Wed, 27 Apr 2011, Scott Voll wrote:
> I have an ASA 5510 that I use for both the head end for Anyconnect clients
> and Hub and Spoke IPSec tunnels for Lan to Lan.
>
> beside the no Nat, ACL for interesting traffic, and "same-security-traffic
> permit intra-interface" command is there anything else that needs to be
> done, in order to have the Anyconnect client access the remote IPSec LAN?
Building a VPN policy for Anyconnect clients is pretty much the same as
building a VPN policy for legacy IPSEC clients.
You need to define your client address pool(s), tunnel group definitions,
pre-shared keys (unless you use certificates), tunnel parameters, etc.
jms
More information about the cisco-nsp
mailing list