Step 1: ( create names for networks )
names
name < network address > wpn_<name>
Step 2: ( ensure you can circulate traffic between networks )
same-security-traffic permit inter-interfacesame-security-traffic permit intra-interface
Step 3: ( ensure a Split Tunnel Access-list )
access-list remote_splitTunnelAcl standard permit < network address > < subnet address >
Step 4: ( create a network group )
object network WPN_<name>subnet < network address > < subnet address >
Step 5: ( ensure a No Nat access-list )
access-list acl_NONAT_out extended permit ip object <Local network object group > object < wpn object group>
Step 6: ( create a ip local pool for the ssl*** )
ip local pool Web×××Pool <network address.100-<network address>.200 mask <subnet address>
Step 7: ( create a nat entry )
nat (inside,any) source static Local-LAN Local-LAN destination static WPN_<name> WPN_<name>
Step 8: ( create a radius connection if you use radius )
aaa-server <servername> protocol radiusaaa-server <servername> (inside) host < ip address server >timeout 5key <keyname>
Step 9: ( Web*** configuration ( ensure you upload the correct/latest anyconnect software ) )
web***enable outsidesvc p_w_picpath disk0:/anyconnect-win-2.5.0217-k9.pkg 3svc p_w_picpath disk0:/anyconnect-macosx-i386-2.5.0217-k9.pkg 4svc enabletunnel-group-list enablegroup-policy Web×××Policy internalgroup-policy Web×××Policy attributesdns-server value <dns server >***-tunnel-protocol svcgroup-lock value Web×××AccessProfilesplit-tunnel-policy tunnelspecifiedsplit-tunnel-network-list value remote_splitTunnelAcldefault-domain value <domainname>.localaddress-pools value Web×××Poolweb***svc ask none default svchidden-shares nonefile-entry disablefile-browsing disableurl-entry disable
Step 10: ( create tunnel-groups )
tunnel-group Web×××AccessProfile type remote-accesstunnel-group Web×××AccessProfile general-attributesauthentication-server-group <radius groupname > LOCALdefault-group-policy Web×××Policytunnel-group Web×××AccessProfile web***-attributesgroup-alias Web××× enable