Thursday, August 18, 2011

Cisco AnyConnect in standalone mode

During the preparation for the Cisco 642-637 exam I was trying to put an SSL VPN (webvpn) lab together, in thick-client standalone mode, so I installed the latest version of the Cisco AnyConnect client (2.5) and was trying to connect to a router directly with it, without a web browser. It did not want to work. After approximately 3-4 hours of troubleshooting I found the problem: the IOS was old...

Here it is:
http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml#Spprtdvcs

Q. Is AnyConnect supported on Cisco IOS® devices?
A. Yes.

As of Cisco IOS Software Release 12.4(15)T in browser-initiated mode only as per the Release 12.4T New Security Features Notes.

As of Cisco IOS Software Release 12.4(20)T, standalone mode is also supported.

And that's the point. I think it could be mentioned in more places. I upgraded the IOS to a correct version, and it started to work immediately. Hurray! The configuration:

ip local pool MYPOOL 166.1.1.1 166.1.1.10

webvpn gateway MYWEBVPNGW
 hostname R13
 ip address 13.3.0.1 port 443 
 http-redirect port 80
 ssl trustpoint TP-self-signed-4279256517
 logging enable
 inservice
 !
webvpn install svc disk0:/webvpn/svc.pkg sequence 1
 !
webvpn context MY-CONTEXT
 ssl authenticate verify all
 !
 !
 policy group PG
   functions svc-enabled
   svc address-pool "MYPOOL"
   svc keep-client-installed
   svc split include 13.0.0.0 255.0.0.0
 default-group-policy PG
 aaa authentication list WEBLOGIN
 gateway MYWEBVPNGW
 max-users 10
 inservice
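As an added example (not code from the original post), the two pre-flight checks that would have saved the troubleshooting time above, written in Python: one classifies an IOS release string against the thresholds in the Cisco Q&A quoted above, the other checks a running-config for the pieces a standalone AnyConnect session needs (SVC package installed, an svc-enabled policy group with an existing address pool, and both the gateway and the context in service). The embedded sample config is the post's own configuration trimmed to the checked lines; the helper names and the "unknown" handling for trains other than 12.4T are my assumptions.

```python
# Added example, not from the original post: pre-flight checks to run before
# testing standalone mode. Version thresholds are those of the Cisco Q&A above.
import re

_VER_RE = re.compile(r"(\d+)\.(\d+)\((\d+)\)([A-Za-z]*)")

def anyconnect_mode(version_text):
    """For a 12.4T release return 'standalone', 'browser-only' or 'none'; other trains -> 'unknown'."""
    m = _VER_RE.search(version_text)
    if not m:
        raise ValueError("no IOS version found in %r" % version_text)
    major, minor, rebuild, train = int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4).upper()
    if (major, minor, train) != (12, 4, "T"):
        return "unknown"          # the quoted Q&A only covers the 12.4T train
    if rebuild >= 20:
        return "standalone"       # 12.4(20)T and later
    return "browser-only" if rebuild >= 15 else "none"

def missing_standalone_config(config_text):
    """List the problems that would stop a standalone AnyConnect session on this running-config."""
    problems = []
    if not re.search(r"^webvpn install svc \S+", config_text, re.M):
        problems.append("no 'webvpn install svc' package")
    if not re.search(r"^\s*functions svc-enabled", config_text, re.M):
        problems.append("policy group lacks 'functions svc-enabled'")
    pools = set(re.findall(r"^ip local pool (\S+)", config_text, re.M))
    m = re.search(r'^\s*svc address-pool "?([^"\s]+)"?', config_text, re.M)
    if not m:
        problems.append("policy group lacks 'svc address-pool'")
    elif m.group(1) not in pools:
        problems.append("pool %s has no matching 'ip local pool'" % m.group(1))
    for kind in ("gateway", "context"):   # both blocks must be 'inservice'
        block = re.search(r"^webvpn %s \S+\n((?: .*\n?)*)" % kind, config_text, re.M)
        if not block or not re.search(r"^ inservice\s*$", block.group(1), re.M):
            problems.append("webvpn %s is missing 'inservice'" % kind)
    return problems

# Constructed sample: the working config from the post, trimmed to the checked lines.
SAMPLE_CONFIG = """ip local pool MYPOOL 166.1.1.1 166.1.1.10
webvpn gateway MYWEBVPNGW
 ip address 13.3.0.1 port 443
 inservice
webvpn install svc disk0:/webvpn/svc.pkg sequence 1
webvpn context MY-CONTEXT
 policy group PG
   functions svc-enabled
   svc address-pool "MYPOOL"
 gateway MYWEBVPNGW
 inservice
"""
```

Feed `anyconnect_mode` the "Version" line of `show version` and `missing_standalone_config` the output of `show running-config`; an empty list means the config has everything the post's working example has.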
