Cisco AnyConnect on IOS 12.4(20)T

anyconnect cisco ios vpn

There are plenty of tutorials on setting up AnyConnect on an ASA unit, and a handful of links noting that IOS 12.4(15) and later support AnyConnect, but I can't seem to find any good documentation about how to set up AnyConnect on IOS; most tutorials assume you only want a clientless VPN on IOS. The best I've found is this document on Cisco's site, but it's not working for me in practice – see below.

This is all on a Cisco 881W:

router#show version | include Version
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(20)T1, RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 12.4(15r)XZ2, RELEASE SOFTWARE (fc1)

The old SSL VPN Client seems to install just fine:

router#show webvpn install status svc  
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC win2k+ 1.0.0 
1,1,4,176
Thu 08/16/2007 12:37:00.43 

However, when I install the AnyConnect client, after authenticating it hangs for a while during the self-update process, and stops with an error that the "AnyConnect package unavailable or corrupted."

When I try to install the AnyConnect package on the router, I'm told that it's an invalid archive:

router(config)#webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg
SSLVPN Package SSL-VPN-Client (seq:2): installed Error: Invalid Archive

Does anyone have a good sample on how to get the 2.x AnyConnect clients working with a Cisco device running IOS?

Best Answer

I have a TAC case open to see if any good documentation exists for this, but I did get a basic installation up and running using SDM 2.5. Unfortunately, SDM will NOT recognize that AnyConnect is installed even though it is. You will need to install the AnyConnect packages manually and then set up the rest in SDM.

First...install AnyConnect packages. I use the Windows and Mac packages. TFTP them onto the router and install them using: (from conf t)

webvpn install svc flash:/windows_package_name.pkg sequence 1

webvpn install svc flash:/mac_package_name.pkg sequence 2

It will install and your config will have lines like this:

webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

webvpn install svc flash:/webvpn/svc_2.pkg sequence 2

Now you can go into SDM and run the wizard....

Hope this helps!

-Andy

Updating: I got a reply on my TAC case....here are the URLs Cisco sent me:

Here is the IOS SSL VPN Data Sheet that explains what features are available

www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html

Here is the IOS SSL VPN CLI Configuration Guide:

www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ssl_vpn.html

Here are several IOS SSL VPN Configuration Examples & TechNotes:

www.cisco.com/en/US/products/ps6657/prod_configuration_examples_list.html