I have a TAC case open to see if any good documentation exists for this, but I did get a basic installation up and running using SDM 2.5. Unfortunately SDM will NOT recognize that Anyconnect is installed even though it is. You will need to install the Anyconnect packages manually and then setup the rest in SDM.
First...install Anyconnect packages. I use the Window and Mac packages. TFTP them onto the router and install them using: (from conf t)
webvpn install svc flash:/windows_package_name.pkg sequence 1
webvpn install svc flash:/mac_package_name.pkg sequence 2
It will install and your config will have lines like this:
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install svc flash:/webvpn/svc_2.pkg sequence 2
Now you can go into SDM and run the wizard....
Hope this helps!
-Andy
Updating: I got a reply on my TAC case....here are the URLs Cisco sent me:
Here is the IOS SSL VPN Data Sheet that explains what features are available
www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html
Here is the IOS SSL VPN CLI Configuration Guide:
www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ssl_vpn.html
Here are several IOS SSL VPN Configuration Examples & TechNotes:
www.cisco.com/en/US/products/ps6657/prod_configuration_examples_list.html
Can you post the output of your log while trying to establish a vpn connection at the debugging level? (in the asdm go to Monitoring -> Logging -> set logging level to debug in the drop down -> click view)
Also unless there is a compelling reason to stay at 7.2(4) I would upgrade to the latest 8.x release. The 7.2 series had some pretty major issues.
EDIT
That error means that the interface the incoming vpn is setup on doesn't have a crypto-map applied.
if you were following the instructions there, you probably applied the crypto map like this:
crypto map outside_map interface outside
if you are testing on the same lan you would need to do this:
crypto map outside_map interface inside
Ugly i know but it'll let you test, then remove from the inside interface and you are good to go.
If that doesn't work, would you be willing put post your running config?
EDIT 2:
Ok, lets simplify this config a little. Try disconnecting the XP machine from the ASA. And also remove the 192.168.1.1 ip address and DHCP pool from the ASA. Then try to connect via the vpn.
Best Answer
You would only need to allow SSL (port 443).
Because your VNC traffic is going to get piggybacked by SSL.
From the IPS/Router's stance, VNC traffic is going to look like SSL.