[c-nsp] AnyConnect VPN client, IOS, and Vista

Jay Nakamura zeusdadog at gmail.com
Tue Sep 15 13:21:00 EDT 2009


Has anyone gotten the AnyConnect client to work with an IOS router and Vista?
(With a self-signed cert?)

I got it to work with XP but not Vista.  Can someone share their
config or some pointers?

With Vista, it gets to the cert warning part, then dies.

aaa authentication login ciscocp_vpn_xauth_ml_1 group radius
crypto pki trustpoint someVPN
 enrollment selfsigned
 serial-number none
 ip-address none
 subject-name CN=vpn, O=somedomain.com, ST=IN, C=US
 revocation-check crl
 rsakeypair someVPN_RSAKey 1024
!
!
crypto pki certificate chain FirstCapitalVPN
 certificate self-signed 01
<SNIP>
        quit
!
!
interface FastEthernet0/0
 ip address w.x.y.z 255.255.255.240
 ip nat outside
!
interface FastEthernet0/1
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
ip local pool VPNPOOL 192.168.100.1 192.168.100.254
ip route 0.0.0.0 0.0.0.0 w.x.y.z1
!
radius-server host 10.0.0.26 auth-port 1645 acct-port 1646 key 7 03051418135F724216051C171C005F180C333970
!
webvpn gateway gateway_1
 ip address w.x.y.z port 443
 http-redirect port 80
 ssl trustpoint someVPN
 inservice
 !
webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg sequence 1
 !
webvpn install svc flash:/webvpn/anyconnect-macosx-i386-2.3.2016-k9.pkg sequence 2
 !
webvpn install svc flash:/webvpn/anyconnect-macosx-powerpc-2.3.2016-k9.pkg sequence 3
 !
webvpn install svc flash:/webvpn/anyconnect-wince-ARMv4I-2.3.2016-k9.pkg sequence 4
 !
webvpn context webvpn
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "VPNPOOL"
   svc default-domain "somedomain.com"
   svc keep-client-installed
   svc split dns "somedomain.com"
   svc split include 10.0.0.0 255.255.255.0
   svc dns-server primary 10.0.0.26
   svc dns-server secondary 10.0.0.6
   svc wins-server primary 10.0.0.26
   svc wins-server secondary 10.0.0.6
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 inservice
!
end

