6-10
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 6 VPN Wizards
AnyConnect VPN Wizard
Connection Profile Identification
The connection profile identification is used to identify the ASA to the remote acess users.
Fields
• Connection Profile Name—Provide a name that the remote access users will access for VPN
connections.
• VPN Access Interface—Choose an interface that the remote access users will access for VPN
connections.
VPN Protocols
Specify the VPN protocol allowed for this connection profile.
The AnyConnect client defaults to SSL. If you enable IPsec as a VPN tunnel protocol for the connection
profile, you must also create and deploy a client profile with IPsec enabled using the profile editor from
ASDM, and deploy the profile.
If you predeploy instead of weblaunch the AnyConnect client, the first client connection uses SSL, and
receives the client profile from the ASA during the session. For subsequent connections, the client uses
the protocol specified in the profile, either SSL or IPsec. If you predeploy the profile with IPsec specified
with the client, the first client connection uses IPsec. For more information about predeploying a client
profile with IPsec enabled, see the AnyConnect Secure Mobility Client Administrator Guide.
Fields
• SSL
• IPsec (IKE v2)
• Device Certificate—Identifies the ASA to the remote access clients.
Note Some AnyConnect features (such as always on, IPsec/IKEv2) require a valid device
certificate on the ASA.
• Manage—Choosing Manage opens the Manage Identity Certificates window.
–
Add—Choose Add to add an identity certificate and its details.
–
Show Details—If you choose a particular certificate and click Show Details, the Certificate
Details window appears and provides who the certificate was issued to and issued by, as well as
specifics about its serial number, usage, associated trustpoints, valid timeframe, and so on.
–
Delete—Highlight the certificate you want to remove and click Delete.
–
Export—Highlight the certificate and click Export to export the certificate to a file with or
without an encryption passphrase.
–
Enroll ASA SSL VPN with Entrust—Gets your Cisco ASA SSL VPN appliance up and running
quickly with an SSL Advantage digitial certificate from Entrust.