See the previous blog post which documents the steps to setup AnyConnect SSL-VPN and ISE integration. This blog post expands on the AnyConnect SSL-VPN configuration, adding support for IKEv2/IPSec and using double authentication (Username/Password and Certificate).
Create a Crypto Keypair
crypto key generate rsa label VPN_KEY modulus 2048
Create a CA Trustpoint
crypto ca trustpoint LAB_PKI
Continue reading “CCNP SIMOS: ASA AnyConnect IKEv2/IPSec VPN”
This blog post will document how to configure an AnyConnect SSL-VPN on a Cisco ASA firewall using Cisco ISE (2.1 patch 5) as a AAA server for authentication.
It is assumed that ISE is installed and configured with the basics (IP addresses and integrated into AD).
Define the ASA as a Network Device
- Navigate to Administration > Network Resources > Network Devices
- Create new by clicking Add and define the ASA
- Specify the INSIDE interface IP address of the ASA
- Tick the RADIUS Authentication Settings box
- Specify a shared secret, this will need to match on the ASA configuration
- Click Save
Continue reading “CCNP SIMOS: ASA AnyConnect SSL-VPN”
This blog post will document the steps to configure an IKEv2/IPSec Site-to-Site VPN between a Cisco ASA firewall (ASAv 9.9.1) and an IOS Router (v15.4) using a Pre-Shared Key (PSK).
ASA Firewall Configuration
// Define IKEv2 Policy
crypto ikev2 policy 10
lifetime seconds 86400
Continue reading “CCNP SIMOS: IKEv2 Crypto Map between IOS Router and ASA Firewall”