Updating anyconnect client images, Enabling ipv6 vpn access – Cisco ASA 5505 User Manual

Page 1728

Advertising
background image

75-18

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 75 Configuring AnyConnect VPN Client Connections

Configuring AnyConnect Connections

hostname(config)# group-policy telecommuters attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# vpn-idle-timeout 10

hostname(config-group-webvpn)# default-idle-timeout 1200

Updating AnyConnect Client Images

You can update the client images on the ASA at any time using the following procedure:

Step 1

Copy the new client images to the ASA using the copy command from privileged EXEC mode, or using
another method.

Step 2

If the new clientt image files have the same filenames as the files already loaded, reenter the anyconnect
image command that is in the configuration. If the new filenames are different, uninstall the old files
using the noanyconnect image command. Then use the anyconnect image command to assign an order
to the images and cause the ASA to load the new images.

Enabling IPv6 VPN Access

If you want to configure IPv6 access, you must use the command-line interface to configure IPv6;
ASDM does not support IPv6.

Note

The ASA does not support IPv6 over IPsec IKEv2 VPN sessions.

You enable IPv6 access using the ipv6 enable command as part of enabling SSL VPN connections. The
following is an example for an IPv6 connection that enables IPv6 on the outside interface:

hostname(config)# interface GigabitEthernet0/0

hostname(config-if)# ipv6 enable

To enable IPV6 SSL VPN, do the following general actions:

1.

Enable IPv6 on the outside interface.

2.

Enable IPv6 and an IPv6 address on the inside interface.

3.

Configure an IPv6 address local pool for client assigned IP Addresses.

4.

Configure an IPv6 tunnel default gateway.

To implement this procedure, do the following steps:

Step 1

Configure Interfaces:

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 192.168.0.1 255.255.255.0

ipv6 enable

; Needed for IPv6.

!

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 10.10.0.1 255.255.0.0

ipv6 address 2001:DB8::1/32 ; Needed for IPv6.

ipv6 enable

; Needed for IPv6.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals