Hi Everyone,
In this post we will see how to configure AnyConnect VPN on a Cisco ASA running version 8.4 in a GNS3 lab. The setup is very simple and a good way for learners to understand the AnyConnect VPN configuration.
I have used GNS3 to emulate the VPN setup and, bingo, I have configured it in the easiest way!
### Refer to "How to add your PC as cloud using GNS3 with Loopback Interface Adapter" ###
### The router is the remote site LAN device, which we test after connecting to the VPN ###
Configuration Steps:
ASA Version 8.4(2)
!
hostname sslvpn-fw
enable password N7FecZuSHJlVZC2P encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
### Outside Interface is directly connected to Host/Client PC Cloud ###
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.0.0.1 255.255.255.0
!
### Inside Interface is directly connected to the router, which is acting as the remote server ###
interface GigabitEthernet1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list sslvpn_inbound extended permit ip any any
access-list outbound extended permit ip any any
pager lines 24
logging enable
logging buffered notifications
mtu outside 1500
mtu inside 1500
### VPN Pool is created for Anyconnect VPN users ###
ip local pool vpn 172.16.0.1-172.16.0.5 mask 255.255.255.248
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
access-group sslvpn_inbound in interface outside
access-group outbound in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
### Installed certificate and CA configuration for the SSL certificate ###
crypto ca trustpoint cuckoonetworks.com
enrollment terminal
fqdn cuckoonetworks.com
subject-name CN=cuckoonetworks.com, OU=CLOUD, O=CUCKOO NETWORKS, C=IN, St=KA, L=BLR
keypair cuckoonetworks.com
crl configure
crypto ca certificate chain cuckoonetworks.com
certificate ca 3ba11e6c788e4ae15c7224a186fee7d5
quit
certificate 4089fc4cd7382be3bc9b55dbd52788c9
quit
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-d aes128-sha1 aes256-sha1 3des-sha1
### AnyConnect-specific configuration, which includes the package, policy and group ###
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.05178-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy testssl internal
group-policy testssl attributes
banner value Cuckoo Networks
banner value *** Restricted Access only for Cuckoo Networks Authorized Employees ***
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
username test password P4ttSyrm33SV8TYp encrypted
username vpntest password mfoS1ZEaQcE7XU1D encrypted
tunnel-group testssl type remote-access
tunnel-group testssl general-attributes
address-pool vpn
default-group-policy testssl
tunnel-group testssl webvpn-attributes
group-url https://cuckoonetworks.com enable
!
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:d1da224ef86e9226d98f1564f37975fa
: end
sslvpn-fw#
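The lab configuration above leaves several settings wide open that are acceptable in GNS3 but worth catching before a config like this is reused. The following check is an added example, not part of the original post: the function name `audit_asa_config`, the rule labels and the `HARDENED_SAMPLE` lines are assumptions made for illustration, while `LAB_CONFIG` is copied from the running-config shown above.

```python
import re

# Lines copied from the lab running-config in this post.
LAB_CONFIG = """\
access-list sslvpn_inbound extended permit ip any any
access-list outbound extended permit ip any any
access-group sslvpn_inbound in interface outside
access-group outbound in interface inside
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
ssl encryption rc4-d aes128-sha1 aes256-sha1 3des-sha1
"""

# Constructed for comparison (not from the post): the same lab addressing
# with scoped ACL, SSH-only management from the inside LAN, AES-only ciphers.
HARDENED_SAMPLE = """\
access-list outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.248
access-group outbound in interface inside
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 10
ssl encryption aes128-sha1 aes256-sha1
"""

WEAK_CIPHER_PREFIXES = ("rc4", "des", "3des", "null")
IPV4 = r"\d+\.\d+\.\d+\.\d+"


def audit_asa_config(text):
    """Return a list of (rule, subject) findings for an ASA running-config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []

    # First pass: remember every ACL that contains a blanket permit.
    open_acls = set()
    for ln in lines:
        m = re.match(r"access-list (\S+) extended permit ip any any$", ln)
        if m:
            open_acls.add(m.group(1))

    for ln in lines:
        # A blanket-permit ACL only matters once it is bound to an interface.
        m = re.match(r"access-group (\S+) in interface (\S+)$", ln)
        if m and m.group(1) in open_acls:
            findings.append(("open-acl", m.group(2)))

        # Management access lines: <proto> <network> <mask> <interface>.
        m = re.match(rf"(telnet|ssh|http) ({IPV4}) ({IPV4}) (\S+)$", ln)
        if m:
            proto, net, mask, iface = m.groups()
            subject = f"{proto}@{iface}"
            if net == "0.0.0.0" and mask == "0.0.0.0":
                findings.append(("mgmt-from-any", subject))
            if proto == "telnet":
                findings.append(("cleartext-mgmt", subject))

        # SSL cipher list: flag RC4, DES, 3DES and NULL suites.
        if ln.startswith("ssl encryption "):
            for cipher in ln.split()[2:]:
                if cipher.startswith(WEAK_CIPHER_PREFIXES):
                    findings.append(("weak-cipher", cipher))

        # A console session that never times out stays logged in.
        if ln == "console timeout 0":
            findings.append(("no-console-timeout", "console"))

    return findings


if __name__ == "__main__":
    for rule, subject in audit_asa_config(LAB_CONFIG):
        print(f"{rule:20} {subject}")
    print("hardened sample findings:", audit_asa_config(HARDENED_SAMPLE))
```
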
Test from PC:
C:\Users\kn8773>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=2ms TTL=255
Reply from 10.0.0.1: bytes=32 time=1ms TTL=255
Reply from 10.0.0.1: bytes=32 time=2ms TTL=255
Reply from 10.0.0.1: bytes=32 time=1ms TTL=255
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\kn8773>
Peer is reachable from the PC.
Step 1: Access the URL https://cuckoonetworks.com from your browser.
Step 2: User authentication page
Step 3: After a successful connection
Step 4: Choose AnyConnect and start the AnyConnect download. The app will be downloaded and installed on your PC.
Step 5: Connect the VPN client
Step 6: Verify the VPN connection and working status
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2357:28f0:64ec:dd25%74
Link-local IPv6 Address . . . . . : fe80::f4ac:52b8:2d4:ec4e%74
IPv4 Address. . . . . . . . . . . : 172.16.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : ::
172.16.0.2
Ethernet adapter GNS3 Cloud Loopback Adapter:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2037:f0a7:3cc9:8795%62
IPv4 Address. . . . . . . . . . . : 10.0.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
C:\Users\karthik>ping 192.168.0.10
Pinging 192.168.0.10 with 32 bytes of data:
Reply from 192.168.0.10: bytes=32 time=19ms TTL=255
Reply from 192.168.0.10: bytes=32 time=8ms TTL=255
Reply from 192.168.0.10: bytes=32 time=17ms TTL=255
Reply from 192.168.0.10: bytes=32 time=18ms TTL=255
Ping statistics for 192.168.0.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 19ms, Average = 15ms
C:\Users\karthik>telnet 192.168.0.10
User Access Verification
Username: test
Password:
R1>en
Password:
R1#
Verify from VPN Firewall
sslvpn-fw# sh vpn-sessiondb
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concur : Inactive
----------------------------------------------
AnyConnect Client : 1 : 4 : 1 : 0
SSL/TLS/DTLS : 1 : 4 : 1 : 0
Clientless VPN : 0 : 1 : 1
Browser : 0 : 1 : 1
---------------------------------------------------------------------------
Total Active and Inactive : 1 Total Cumulative : 5
Device Total VPN Capacity : 0
Device Load : 0%
***!! WARNING: Platform capacity exceeded !!***
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
Active : Cumulative : Peak Concurrent
----------------------------------------------
Clientless : 0 : 1 : 1
AnyConnect-Parent : 1 : 4 : 1
SSL-Tunnel : 1 : 3 : 1
---------------------------------------------------------------------------
Totals : 2 : 8
---------------------------------------------------------------------------
sslvpn-fw#
sslvpn-fw# sh vpn-sessiondb anyconnect
Session Type: AnyConnect
Username : test Index : 5
Assigned IP : 172.16.0.1 Public IP : 10.0.0.10
Protocol : AnyConnect-Parent SSL-Tunnel
License : AnyConnect Premium
Encryption : AES128 Hashing : none SHA1
Bytes Tx : 10350 Bytes Rx : 10800
Group Policy : testssl Tunnel Group : testssl
Login Time : 12:35:37 UTC Thu Aug 28 2014
Duration : 0h:00m:59s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
sslvpn-fw#
That's it!!!! The VPN connects from the client PC, the remote site LAN is reachable from the VPN client machine, and we can telnet and ping to it.
Cheers
Karthik