>> AnyConnect Premium Peers
>> : 2
>> perpetual
>> не достаточно лицензий?
> Для личного пользования должно хватать.
> Покажите конфиг и sh webvpn anyconnect ВОт кусок конфига
ip local pool anyconnect_pool 192.168.133.10-192.168.133.60 mask 255.255.255.0
interface GigabitEthernet1/8
nameif outside
security-level 90
ip address X.X.X.X 255.255.255.192
access-list outside_access_in extended permit icmp any4 any4 unreachable
access-list outside_access_in extended permit icmp any4 any4 time-exceeded
access-list outside_access_in extended permit icmp any4 any4 echo
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit icmp any4 any4 traceroute
access-list outside_access_in extended permit tcp any4 any4 eq https
access-list SPLIT_Tunnel remark To the local network
access-list SPLIT_Tunnel standard permit 192.168.0.0 255.255.0.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
nat (inside,outside) source dynamic internet_access_via_asa interface
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.133.0_26 NETWORK_OBJ_192.168.133.0_26 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
Настройки ааа опущу, т.к. авторизация через ssh работает нормально, далее
http server enable 8443
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map infolada_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ASA5506
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate 292c585b
<...>
20d92d3d 279f9610 05a84344 beb322ba 0a41
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outsiede client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
ssl cipher default custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
ssl trust-point ASDM_TrustPoint0 outside
ssl certificate-authentication interface outside port 443
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.05187-k9.pkg 1
anyconnect profiles Anyconnect_VPN_client_profile disk0:/Anyconnect_VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_Anyconnect_VPN internal
group-policy GroupPolicy_Anyconnect_VPN attributes
wins-server none
dns-server value 192.168.1.2 192.168.1.3
vpn-tunnel-protocol ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_Tunnel
default-domain value corp.test.com
webvpn
anyconnect keep-installer installed
anyconnect dpd-interval client 20
anyconnect profiles value Anyconnect_VPN_client_profile type user
anyconnect ask none default anyconnect
dynamic-access-policy-record DfltAccessPolicy
tunnel-group Anyconnect_VPN type remote-access
tunnel-group Anyconnect_VPN general-attributes
address-pool anyconnect_pool
authentication-server-group actdir-srv1
default-group-policy GroupPolicy_Anyconnect_VPN
tunnel-group Anyconnect_VPN webvpn-attributes
group-alias Anyconnect_VPN enable