Setting up AnyConnect VPNs on the Cisco ASA 5508x (FTD)
This was done on FTD version 6.2.3-83.
Everything I have found on the Cisco FTD is outdated, and the latest FDM interface looks nothing like the articles I have seen on the net. Below is a picture of my interface.
- In the top menu (Monitoring, Policies, Objects, Device), select Device
- I then selected Remote Access VPN
- Create a Connection Profile name (I entered the client domain-VPN)
- For AD Realm/Directory I selected the Realm I created earlier:
- I then downloaded from Cisco.com the anyconnect-win-4.5.05030-webdeploy-k9.pkg for Windows clients and uploaded it to the ASA and selected Next.
- For the certificate of Device Identity, I selected “Create New Internal Certificate”
- I then selected “Upload Certificate and Key” and entered in the certificate and keys I created here:
- For the outside interface, I selected my external interface
- I then entered the FQDN of my external IP. If you don’t have an FQDN for your external IP, you should get one; it will make your life easier.
- For the address pool, I created a new network, e.g. 192.168.9.0/24 (I didn’t use IPv6)
- For DNS and domain name, I entered my internal DNS servers and internal domain name and selected Next.
- I set the VPN as NAT Exempt
- I selected my inside interface, entered my inside network, selected Next, and finished
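
Before committing the address pool, inside network and DNS values in the wizard, it is worth checking that they do not collide. The following is an added example, not part of the original post or of Cisco's tooling: the function name, the inside network `10.20.0.0/16`, the DNS address and the list of common home LANs are all constructed assumptions; only the pool `192.168.9.0/24` comes from the steps above.

```python
import ipaddress

# Home-router defaults that remote clients often sit behind (assumed list).
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]

def check_vpn_plan(pool, inside_networks, dns_servers):
    """Return a list of findings for a planned remote-access VPN address plan."""
    findings = []
    pool_net = ipaddress.ip_network(pool, strict=True)
    inside = [ipaddress.ip_network(n, strict=True) for n in inside_networks]
    client_lans = [ipaddress.ip_network(n) for n in COMMON_CLIENT_LANS]

    if not pool_net.is_private:
        findings.append(f"pool {pool_net} is not private address space")

    for net in inside:
        # Overlap makes the NAT exemption and the return route ambiguous.
        if pool_net.overlaps(net):
            findings.append(f"pool {pool_net} overlaps inside network {net}")
        # A client whose local LAN matches an inside network has a routing conflict.
        for lan in client_lans:
            if net.overlaps(lan):
                findings.append(f"inside network {net} overlaps common client LAN {lan}")

    for lan in client_lans:
        if pool_net.overlaps(lan):
            findings.append(f"pool {pool_net} overlaps common client LAN {lan}")

    for dns in dns_servers:
        addr = ipaddress.ip_address(dns)
        if addr in pool_net:
            findings.append(f"DNS server {addr} is inside the VPN pool")
        elif not any(addr in net for net in inside):
            # Traffic to this server would not match the NAT-exempt inside network.
            findings.append(f"DNS server {addr} is not in any inside network")
    return findings

if __name__ == "__main__":
    # Pool from the walkthrough; inside network and DNS server are constructed.
    for finding in check_vpn_plan("192.168.9.0/24", ["10.20.0.0/16"], ["10.20.0.10"]):
        print("WARN:", finding)
```

An empty result means the pool, the NAT-exempt inside network and the DNS servers are consistent with each other.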