[AusNOG] Cisco SSL VPN \w AnyConnect on 891-F

Chris Jones chrisj at aprole.com
Thu Jan 16 20:02:25 EST 2020


Don’t know where the 891s sit, but Cisco has killed AnyConnect on ISRs. It’s now an ASA-only feature.

It’s still supported on 1941-era hardware, but possibly not on more recent code.

Regards,

Chris Jones

On 16 Jan 2020, at 18:53, Rhys Hanrahan <rhys at nexusone.com.au> wrote:


Hi Everyone,

I was hoping that I could find some quick guidance here. We have a customer who has been using Cisco AnyConnect with an ASA. We are deploying a newer Cisco 891F for them, and it seemed like it would be straightforward to set up an SSL VPN on there for use with AnyConnect, and from my reading it seemed like we would at least be able to eval this for a while with no problem. We’re due to cut over tomorrow and I am trying to get AnyConnect working first.

Does anyone know if anything special is required to allow us to configure the WebVPN component on an 891-F?

I am following this guide: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html#anc8

Everything worked as expected up to step 9 – it seems the functions and svc commands for the webvpn policy are missing/incomplete. Unsure if this is a licensing issue, or if I’m using the wrong commands for our IOS version (we’re on IOS 15.7(3)M5).

router(config)#webvpn context SSL_Context
router(config-webvpn-context)#gateway SSLVPN_Gateway
Configure gateway SSLVPN_Gateway using "webvpn gateway" command before associating to context

router(config-webvpn-context)#inservice
router(config-webvpn-context)#policy group SSL_Policy
router(config-webvpn-group)#aaa authentication list SSLVPN_AAA
router(config-webvpn-context)#functions svc-enabled
                                                                  ^
% Invalid input detected at '^' marker.

router(config-webvpn-context)#svc ?
  platform  Client Operating System Type

Appreciate any guidance. Thanks!

Rhys Hanrahan
Chief Information Officer
Nexus One Pty Ltd

E: support at nexusone.com.au
P: +61 2 9191 0606
W: http://www.nexusone.com.au/
M: PO Box A356 Sydney South, NSW 1235
A: Suite 12.03, Level 12, 227 Elizabeth Street, Sydney NSW 2000
