Thursday, August 18, 2011

Cisco AnyConnect in standalone mode

Durint the preparation for the Cisco 642-637 exam was trying tu put an SSL VPN (webvpn) Lab together, in thick client standalone mode, so I installed the latest version of the Cisco AnyConnect (2.5) and was trying to connect to a router directly with, without a web browser. I did not want to work. After approximately 3-4 hours of troubleshooting I found the problem: the IOS is old...

Here it is:

Q. Is AnyConnect supported on Cisco IOS® devices?
A. Yes.

As of Cisco IOS Software Release 12.4(15)T in browser-initiated mode only as per the Release 12.4T New Security Features Notes.

As of Cisco IOS Software Release 12.4(20)T, standalone mode is also supported.

and that's the point. I think it could be mentioned in more places. I upgraded the IOS to a correct version, and it started to work immediately. Hurray! The configuration:

ip local pool MYPOOL

webvpn gateway MYWEBVPNGW
 hostname R13
 ip address port 443 
 http-redirect port 80
 ssl trustpoint TP-self-signed-4279256517
 logging enable
webvpn install svc disk0:/webvpn/svc.pkg sequence 1
webvpn context MY-CONTEXT
 ssl authenticate verify all
 policy group PG
   functions svc-enabled
   svc address-pool "MYPOOL"
   svc keep-client-installed
   svc split include
 default-group-policy PG
 aaa authentication list WEBLOGIN
 max-users 10

No comments: