No video :(

Understanding & Configuring Cisco AnyConnect

Подписаться 2,1 тыс.

Просмотров 39 тыс.

50% 1

Disclaimer: This video is not a how to guide for beginners. You must already have good understanding of Cisco ASA, Remote access VPN concepts.
Level: Advanced
This can be a really useful video for people working at service desk/IT desk, in security domain, Cisco TAC or any TAC that deals with firewalls or VPNs as a part of their job.
There are some other VPN related videos that you might be interested in. I am putting them all here so that you dont have to look around.
Understand how an IPSEC VPN comes up, what information is shared in each packet. After watching these videos you should have sufficient information to answer any question on the topic.
1. 1st Packet: • IPSEC 6 packet Exchang...
2. 2nd packet: • IPSEC 6 packet Exchang...
3. 3rd packet: • IPSEC 6 packet Exchang...
4. 4th packet: • IPSEC 6 packet Exchang...
5. 5th & 6th packet: • IPSEC 6 packet Exchang...
Extra one: How cookies are generated : • IPSEC 6 packet Exchang...
Then you would like to understand how to troubleshoot the problems:
1. MM_WAIT_MSG2 : • S2E1_IPSEC VPN - MM_WA...
2. MM_WAIT_MSG3: • S2E2_IPSEC VPN - MM_WA...
3. MM_WAIT_MSG4: • S2E3_IPSEC VPN - MM_WA...
4. MM_WAIT_MSG5 & MSG6: • S2E4_IPSEC VPN - MM_WA...
Command to troubleshoot a VPN problem and how to understand their output?
• Troubleshooting comman...
What is Aggressive mode and how it is different than Main mode? How does it work?
• S3E1_IPSEC VPN_Aggress...
How to configure Cisco Anyconnect? Understand the concepts.
• Understanding & Config...
What is client Profile in Cisco Anyconnect and what is its importance?
• Cisco Anyconnect - Ove...
How to troubleshoot Cisco Anyconnect related Problems?
• Cisco Anyconnect Troub...

Опубликовано:

26 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 78

@snpm3910 2 года назад

I got rejected in an interview today because I didn't have clarity on 34:34. I was searching everywhere to know the answer and this video came up. Thanks, buddy, for some new learning.

@edwardv4546 2 месяца назад

Thank you. I'm going to watch this a few times to make sure that I understand it all the way.

@RanaShahid87 3 года назад

I hope I could give 1000 likes. 9 years in cisco/Networking/security studies, never seen any such calm instructor. Simply love the way you explain.

@ASAme2 3 года назад

Thanks Shahid. Means a lot.

@akellavenkatasrinivas494 Год назад

@@ASAme2 pls do more videos on troubleshooting.fantastic

@sravankumar2898 3 года назад

Best on internet related to anyconnect vpn really. Pls keep going, subscribed for notifications like these

@benedictagyemang3862 3 года назад

You are such an amazing teacher, kudos to you Sir.

@benedictagyemang3862 3 года назад

Hello Sir, Can I please get your contact, I will love to reach out to you. Thank you Ben

@arshdeep1286 8 месяцев назад

thanks much great way of teaching

@thilaks8334 3 года назад

wonderful , please keep it going, its helping a lot to understand the concepts. Please do more videos of ASA.

@sreekanthreddy2462 4 года назад

Super I wish i could had this video 5 years back

@ASAme2 4 года назад

@Sreekanth, thats really emotional comment. I hope this has helped you.

@sreekanthreddy2462 4 года назад

@@ASAme2 yes it helped me a lot.please make a video on asa nat

@sudjmi 3 года назад

amazing .. really helpfull in understanding anyconnect .. best video to learn ...much appreciate your effort .. thank you

@abbasabdulwahabsulaiman7695 5 месяцев назад

Really helpful to me

@afshin9 Год назад

Do really appreciate it , very helpful and informative

@vijaypratapsinghgautam553 4 года назад

Hi Raj, good job Man! For the logging filter, we can use the following command, logging enable logging timestamp logging buffer-size 12428800 logging buffered warning or debugging

@ASAme2 4 года назад

Thank you for your support

@alamzeb9369 Год назад

Great and clear way of explaining the concept- thank you

@khensanigregorybaloyi5292 11 месяцев назад

Thank you so much, this vid was very helpful... can you please share the link where you did the certificate one?

@anishmittal 4 года назад

Hi Raj, very informative , waiting more to come in this series

@ASAme2 4 года назад

Thanks Anish

@RazaRaza-gq4fk 4 года назад

Awesome explanation...ur all videos are well explained..I am not sure ..why subscribers are less...keep it up man ..good work..Also please update videos on ASA NAT,ACL and troubleshooting..

@ASAme2 4 года назад

Thank you for your support Raza. Please share if these videos can help someone

@tsusendran 3 года назад

Clear and Crispy. Thanking your Efforts

@MahekThakar Год назад

Dear sir, Very Good And Perfect Session 👏👏Easily Understands things Please share more videos on Anyconnect and such important topics Related on Network Security Like IPSEC,AD,NAT etc. I have doubt in My Organization In Webvpn Config .Xml and vpn-posture.isp file also mapped could please explained why it is there and usage and one more thing inn my company we all have different Group made like you mention in this video but below Anyc App there is one more Option for system scan is there ,could you please elaborate that as well.

@sivashankarchandu5222 Год назад

Awesome explanation, I like the way it was explained crystal clear, scribed the channel

@Cave_Groyle 3 года назад

I found this really, really helpful. Much appreciated!

@SudeshKumar-zz4zi 4 года назад

awesome raj . thank you

@ASAme2 4 года назад

Thank you for your support

@Marclombeya 2 года назад

Great!!! You are very good. Is it possible to configure many anyconnect image? For different systems (Windows, mac, linux, android)???

@lsaikiran5150 2 года назад

Hi Sir, thanks for sharing this video everything working fine but am getting this error "The Service Provider in your current location is restriting access to the internet. you need to log on with the service provider before you can establish a VPN session. you can try this by visiting any website with your browser" what should i do to go this error?/

@Amanvirrk 2 года назад

Really very informative 👍🏻👍🏻👍🏻

@karumpuli1 3 года назад

Hi, if you add the diagram , it will be very helpful to practice

@wirklichwissen6435 2 года назад

Is ist possible for the teacher/professor to see, if the Student runs desktop recording Programm during online exam? Thx

@Lee-qp2et 2 года назад

Is all the traffic being tunneled back through the VPN with this configuration? What about split tunnel? What happens to the users local traffic including their internet traffic with this configuration, is it also being tunneled through the VPN with this config? If it is then this is not real world as you wouldn't want more traffic than is needed going throuth the tunnel. ALso this can cause issues for the user if they want to access other resources on their local network.

@princerajsingh4838 3 года назад

Well explained... subscribed now

@videomirchi8782 4 года назад

Great 👌 work

@ASAme2 4 года назад

Thanks @videomirchi. Also Thanks for suggestion.

@sound0ftruth 3 года назад

Can we use ASDM? It's easier with a GUI.

@ASAme2 3 года назад

Yes you can, and its easier than CLI. But when it comes to troubleshoot the problem then we must have understanding of cli configuration. That's why my focus has been on cli configuration.

@PankajMishra-wh5tu 3 года назад

Nice explanation

@billa3206 2 года назад

Ustaadji IKEv2 Please

@embraceyourorigins Год назад

Hello, How can I get to the ASA's outside interface when my PC isn't connected to the same network? N.B. My PC is connected to the Internet.. so for me to connect to the ASA'S outside interface which is connected to a service providers router interface..do I connect to the public IP address of the service provider given to the ASA? Your response would be really appreciated. Thanks a lot 🙏🏾

@ASAme2 Год назад

Yes, you will need to know the public IP of the ASA. It must be a static IP assigned.

@embraceyourorigins Год назад

@ASAme2 Thanks for your response. The problem is that the ASA's outside interface connected to the ISP's router has a private IP address configured ☹️

@ASAme2 Год назад

That means the ISP router is doing NAT/PAT. If the router is doing static nat then you will need to get the public IP from the router. If it's doing pat then you can not access the ASA from outside.

@embraceyourorigins Год назад

@@ASAme2 Alright! Thank you very much for your response. Regards,

@netrarajpun 3 года назад

I keep cisco anyconnect connected for more than 12hrs even after office hours.. So does this allows employer to trace my activities?

@ASAme2 3 года назад

If your anyconnect has been configured as full tunnel, in that case your employer can definitely trace anything you do over internet. For split tunnel set up not all the traffic goes to your company, trace will be limited

@peoplesgoods817 3 года назад

Hi Great Video ! Can I use Cisco AnyConnect while I work temporary overseas I’m travelling from UK to Morroco will the VPN still connect with a valid WiFi connection ? Please get back to me. Thanks a million man

@ASAme2 3 года назад

Yes it should. That's why it is known as a remote access vpn. You can connect from anywhere, all you need is Internet connectivity.

@peoplesgoods817 3 года назад

@@ASAme2 Thank you so much. You have literally made my whole week. Have a great day.

@peoplesgoods817 3 года назад

I am using Cisco AnyConnect secure mobility client, will this still work even over Morocco’s WiFi ? Sorry if this question was already answered I am just very confused

@101masad 3 года назад

You have added the anyconnect image under webvpn, is it possible to add a image under the group-policy. i would like to test a new image before rolling it out.

@ASAme2 3 года назад

The image cannot br added under group policy. However there are other options for your requirement. Let me see if I can find some documents for you

@ASAme2 3 года назад

You must be using xml profiles for all users. If you are doing that then disable auto update feature in the profile. Then you can apply your new image directly under webvpn configuration and test. It will not automatically update on user machine. Finally when you need to have it updated on client machines edit the profile again

@anandc6707 3 года назад

@@ASAme2 Yes great, @101masad I guess the below one would work on this case, first we need to disable the auto update on the existing xml profile and upload new xml profile with auto update enabled and create new connection profile(with the same configuration as a production profile) where we need to call the new xml file( auto update enabled). and we can test with the user to connect on the newly created profile, at the moment user connects it will get upgraded. Once everything if fine with the testing we can remove the newly created profile and enable the auto update on the production profile( older one ).

@jacktsang05 3 года назад

Could you please mute the music during your presentation? I really enjoy your session, but the music makes it harder to learn. :) Luv from Cambodia.

@ASAme2 3 года назад

Sure, point taken

@aquadir2830 3 года назад

Sir.. please clarify my doubts.. Xyz.in is hosted in AWS. And SSL is vendor is let's encrypt, it's expiring soon. Company decided to take new SSL certificate from GoDaddy. And upload it. Meanwhile AsaV is hosted in Cloud in same domain for anyconnect users. Do I need to do anything on AsaV while they change the SSL certificates in AWS. Thanks for your input sir. 🙏🙏.

@ASAme2 3 года назад

Check if asa is also using same old certificate and its about to expire or not. You can either check via asdm or cli. Sh ru all ssl - will tell you the interface name on which certificate has been applied, also the name of the trustpoint where certificate has been stored. Or you can use a browser and directly go to ur anyconnect url and check the certificate presented

@aquadir2830 3 года назад

@@ASAme2 I can see in asdm different certificate are there from GoDaddy and Amazon, but not sure which one is related... It would be great if can get in touch with you in your free time. Thank you sir.🙏🙏

@aquadir2830 3 года назад

@@ASAme2 I'm interested to take a course on asa only on anyconnect, IPsec and different types NATs

@ASAme2 3 года назад

Go to identity certificates, there you should be able to find the certificate

@ASAme2 3 года назад

You can contact me via email rajk5.cco@gmail.com

@tompakun3025 3 года назад

Hello please answer: while connecting to vpn anyconnecct to my university vpn, Will my computer be easily tracked and accessed and whatever I do can be seen by the IT staff??

@ASAme2 3 года назад

Your computer cannot be accessed without your permission, unless someone has installed a malware. Now what can your IT staff see when you are connected to vpn. To find that out you first need to check if it is split tunnel vpn or full tunnel. Open anyconnect, settings, route detail. Non secured routes must have 0.0.0.0 route in there. Secured routes are something that's going over the vpn and that's the only thing IT admin can see.

@tompakun3025 3 года назад

@@ASAme2 Thanks for your reply. I found in my list: secured route 0.0.0.0 at the bottom. Does that mean they can access my computer browsing once connecting to their vpn? Thanks again, sir

@ASAme2 3 года назад

They cannot access anything on ur computer. But if they want they can monitor on the firewall what you are trying to access.

@tompakun3025 3 года назад

@@ASAme2 What about if I am connecting hdmi to another monitor or connecting other hardwares, Can they see that too?

@tompakun3025 3 года назад

@@ASAme2 What about if I am connecting hdmi to another monitor or connecting other hardwares, Can they see that too?