Cisco AnyConnect Secure Mobility Client v2.x Technical Manual
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Configuration
First, define a pool of IP addresses from which one is assigned to each client that connects.
If you want the client to also carry IPv6 traffic over the tunnel, you will need a pool of IPv6 addresses. Both
pools are referenced later in the group-policy.
ip local pool pool4 172.16.2.100-172.16.2.199 mask 255.255.255.0
ipv6 local pool pool6 fcfe:2222::64/64 128
For IPv6 connectivity to the ASA, you need an IPv6 address on the interface that the clients will connect to
(typically the outside interface).
For IPv6 connectivity over the tunnel to inside hosts, you need IPv6 on the inside interface(s) as well.
interface Vlan90
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 ipv6 address 2001:db8:90::2/64
!
interface Vlan102
 nameif inside
 security-level 100
 ip address 192.168.102.2 255.255.255.0
 ipv6 address fcfe:102::2/64
For IPv6, you also need a default route pointing to the next-hop router towards the Internet.
ipv6 route outside ::/0 2001:db8:90::5
route outside 0.0.0.0 0.0.0.0 203.0.113.5 1
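A consistency check for the addressing configured above, as an added example that is not part of the original Cisco document. It confirms that each pool stays inside its mask or prefix and that each route's next hop lies on the subnet of the interface the route names; the function names pool_range and lint, and the choice of these two checks, are assumptions of this example.

```python
import ipaddress

# Addressing lines from the configuration above (security-level lines omitted).
CONFIG = """\
ip local pool pool4 172.16.2.100-172.16.2.199 mask 255.255.255.0
ipv6 local pool pool6 fcfe:2222::64/64 128
interface Vlan90
 nameif outside
 ip address 203.0.113.2 255.255.255.0
 ipv6 address 2001:db8:90::2/64
interface Vlan102
 nameif inside
 ip address 192.168.102.2 255.255.255.0
 ipv6 address fcfe:102::2/64
ipv6 route outside ::/0 2001:db8:90::5
route outside 0.0.0.0 0.0.0.0 203.0.113.5 1
"""

def pool_range(w):
    """Return (first, last, enclosing network) for a split 'local pool' line."""
    if w[0] == "ip":  # ip local pool NAME FIRST-LAST mask MASK
        first, last = (ipaddress.ip_address(a) for a in w[4].split("-"))
        return first, last, ipaddress.ip_network(f"{first}/{w[6]}", strict=False)
    start = ipaddress.ip_interface(w[4])  # ipv6 local pool NAME START/LEN COUNT
    return start.ip, start.ip + int(w[5]) - 1, start.network

def lint(config):
    """Return findings; an empty list means pools and routes are consistent."""
    nets, routes, findings, nameif = {}, [], [], None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            nameif = None  # a new interface block starts unnamed
        elif w[:1] == ["nameif"]:
            nameif = w[1]
        elif w[:2] in (["ip", "address"], ["ipv6", "address"]):
            addr = w[2] if w[0] == "ipv6" else f"{w[2]}/{w[3]}"
            nets.setdefault(nameif, []).append(ipaddress.ip_interface(addr).network)
        elif w[1:3] == ["local", "pool"]:
            first, last, net = pool_range(w)
            if last < first or last not in net:
                findings.append(f"pool {w[3]}: range leaves {net}")
        elif "route" in w[:2]:  # the next hop is the fifth word in both forms
            routes.append((w[w.index("route") + 1], ipaddress.ip_address(w[4])))
    for iface, hop in routes:  # next hop must sit on that interface's subnet
        if not any(hop in n for n in nets.get(iface, [])):
            findings.append(f"route via {iface}: next hop {hop} is not on-link")
    return findings
```

lint(CONFIG) returns an empty list for the addressing shown in this document; a next hop mistyped onto another prefix is reported by interface name.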
In order to authenticate itself to the clients, the ASA needs to have an identity certificate. Instructions on how
to create or import such a certificate are beyond the scope of this document, but can be easily found in other
documents such as
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml
The resulting configuration should look similar to the following:
crypto ca trustpoint testCA
 keypair testCA
 crl configure
...
crypto ca certificate chain testCA
 certificate ca 00
  30820312 308201fa a0030201 02020100 300d0609 2a864886 f70d0101 05050030
  ...
  quit
 certificate 04
  3082032c 30820214 a0030201 02020104 300d0609 2a864886 f70d0101 05050030
  ...
  quit