69-52
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Connections
Figure 69-5 Unified NAT table
Step 8 After you have configured the Engineering VPN Address pool to reach itself, the Sales VPN address
pool, the inside network, the DMZ network, and the Internet; you must repeat this process for the Sales
VPN address pool. Use identity NAT to exempt the Sales VPN address pool traffic from undergoing
network address translation between itself, the inside network, the DMZ network, and the Internet.
Step 9 From the File menu on the ASA, select Save Running Configuration to Flash to implement your
identity NAT rules.
Configuring AnyConnect VPN Connections
Use the AnyConnect Connection Profiles pane and its child dialog boxes to specify VPN connection
attributes for client-based connections. These attributes apply to the Cisco AnyConnect VPN client and
to the legacy SSL VPN client.
The initial client deployment requires end-user administrative rights. The Cisco AnyConnect VPN client
supports the HTTPS/TCP (SSL) and Datagram Transport Layer Security (DTLS) tunneling options.
In the main pane, you can enable client access on the interfaces you select and you can select, add, edit,
and delete connections (tunnel groups). You can also specify whether you want to allow a user to select
a particular connection at login.
Fields
• Access Interfaces—Specify VPN client access for each interface listed in the table:
• Enable Cisco AnyConnect VPN Client access on the interfaces in the table below—Check to enable
VPN on the interfaces listed in the table.
• Interface—The interface to enable VPN client connections.
• SSL Access:
–
Allow Access—Check to enable SSL VPN access on the interface.
–
Enable DTLS—Check to enable Datagram Transport Layer Security (DTLS) for SSL on an
interface. DTLS avoids latency and bandwidth problems associated with some SSL connections
and improves the performance of real-time applications that are sensitive to packet delays.