Procedure

Step 1

In the left pane, click Secure Connections > Remote Access VPN > ASA & FDM. You can click a VPN configuration to view the summary information on how many connection profiles and group policies are currently configured.

Step 2

Click the connection profile and under Actions in the sidebar at the right, click Add Connection Profile.

Step 3

Configure the basic connection attributes.

Connection Profile Name: The name for this connection, up to 50 characters without spaces. For example, MainOffice.

Note	The name you enter here is what users will see in the connection list in the AnyConnect client. Choose a name that will make sense to your users.

Group Alias, Group URL: Aliases contain alternate names or URLs for a specific connection profile. VPN users can choose an alias name in the AnyConnect client in the list of connections when they connect to the FDM-managed device. The connection profile name is automatically added as a group alias. You can also configure the list of group URLs, which your endpoints can select while initiating the Remote Access VPN connection. If users connect using the group URL, the system will automatically use the connection profile that matches the URL. This URL would be used by clients who do not yet have the AnyConnect client installed. Add as many group aliases and URLs as required. These aliases and URLs must be unique across all connection profiles defined on the device. Group URLs must start with https://.
For example, you might have the alias Contractor and the group URLhttps://ravpn.example.com/contractor. Once the AnyConnect client is installed, the user would simply select the group alias in the AnyConnect VPN drop-down list of connections.

Step 4

Configure the primary and optionally, secondary identity sources. These options determine how remote users authenticate to the device to enable the remote access VPN connection. The simplest approach is to use AAA only and then select an AD realm or use the LocalIdentitySource. You can use the following approaches for Authentication Type:

AAA Only: Authenticate and authorize users based on username and password. For details, see Configure AAA for a Connection Profile.
Client Certificate Only: Authenticate users based on client device identity certificate. For details, see Configure Certificate Authentication for a Connection Profile.
AAA and ClientCertificate: Use both username/password and client device identity certificate.

Step 5

Configure the address pool for clients. The address pool defines the IP addresses that the system can assign to remote clients when they establish a VPN connection. For more information, see Configure Client Address Pool Assignment.

Step 6

Click Continue.

Step 7

Select the Group Policy to use for this profile from the list and click Select. The group policy sets terms for user connections after the tunnel is established. The system includes a default group policy named DfltGrpPolicy. You can create additional group policies to provide the services you require.

Note	If the group policy you need does not yet exist, create the group policy on the Objects page and then associate the policy to the RA VPN configuration. For detailed information about group policies, see Create New RA VPN Group Policies.

Step 8

Click Continue.

Step 9

Review the summary. First, verify that the summary is correct. You can see what end-users need to do to initially install the AnyConnect software and test that they can complete a VPN connection. Click to copy the instructions to the clipboard, and then distribute them to your users.

Step 10

Click Done.

Procedure

Procedure

What to do next