Cisco ASA for Nexus 1000V Series Switch Technical Manual

ASA 9.x: AnyConnect VPN Client U-turning Configuration Examples
Document ID: 100918
Contributed by Yamil Gazel and Gustavo Medina, Cisco TAC Engineers.
Jun 20, 2014
Contents
Introduction
Prerequisites
     Requirements
     Components Used
Background Information
Configure
     AnyConnect VPN Client for Public Internet VPN on a Stick Configuration Example
        Network Diagram
        ASA Release 9.1(2) Configurations with ASDM Release 7.1(6)
        ASA Release 9.1(2) Configuration in the CLI
     Allow Communication between AnyConnect VPN Clients with the TunnelAll Configuration in Place
        Network Diagram
        ASA Release 9.1(2) Configurations with ASDM Release 7.1(6)
        ASA Release 9.1(2) Configuration in the CLI
     Allow Communication between AnyConnect VPN Clients with Split-Tunnel
        Network Diagram
        ASA Release 9.1(2) Configurations with ASDM Release 7.1(6)
        ASA Release 9.1(2) Configuration in the CLI
Verify
Troubleshoot
Related Information
Introduction
This document describes how to set up an Adaptive Security Appliance (ASA) Release 9.1(2) in order to
perform Secure Sockets Layer (SSL) VPN on a stick with Cisco AnyConnect VPN Client. This setup applies
to a specific case where the ASA does not allow split tunneling and users connect directly to the ASA before
they are permitted to go to the Internet.
Note: In order to avoid an overlap of IP addresses in the network, assign a completely different pool of IP
addresses to the VPN Client (for example, 10.x.x.x, 172.16.x.x, and 192.168.x.x). This IP addressing scheme
is helpful in order to troubleshoot your network.
Hairpinning or U-turn
This feature is useful for VPN traffic that enters an interface, but is then routed out of that same interface. For
example, if you have a hub-and-spoke VPN network where the security appliance is the hub and the remote
VPN networks are spokes, in order for one spoke to communicate with another spoke, traffic must go to the