{"id":1529,"date":"2025-11-13T01:46:28","date_gmt":"2025-11-12T16:46:28","guid":{"rendered":"https:\/\/mylifeisbeautiful555.net\/?page_id=1529"},"modified":"2025-11-24T19:00:46","modified_gmt":"2025-11-24T10:00:46","slug":"anyconnect%e3%81%a7cisco-asa%e3%81%abvpn%e3%81%99%e3%82%8b%e8%a8%ad%e5%ae%9a%e6%96%b9%e6%b3%95","status":"publish","type":"page","link":"https:\/\/mylifeisbeautiful555.net\/?page_id=1529","title":{"rendered":"anyconnect\u3067CISCO ASA\u306bvpn\u3059\u308b\u8a2d\u5b9a\u65b9\u6cd5"},"content":{"rendered":"\n

Cisco AnyConnect \u3067 VPN \u63a5\u7d9a\u3092\u884c\u3046\u306b\u306f\u3001\u300c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\uff08PC\uff09\u300d\u3068\u300c\u30b5\u30fc\u30d0\u30fc\u5074\uff08VPN\u6a5f\u5668\uff1aCisco ASA\u3084Firepower\u306a\u3069\uff09\u300d\u306e\u4e21\u65b9\u3067\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3059\u3002<\/p>\n\n\n\n

\u5168\u4f53\u69cb\u6210<\/h2>\n\n\n\n
[PC]\u2500\u2500Internet\u2500\u2500[Cisco ASA]\u2500\u2500[\u793e\u5185LAN]<\/code><\/pre>\n\n\n\n
    \n
  • PC\uff1aCisco AnyConnect Secure Mobility Client<\/li>\n\n\n\n
  • ASA\uff1aVPN\u30b5\u30fc\u30d0\u30fc\u3068\u3057\u3066\u52d5\u4f5c<\/li>\n\n\n\n
  • \u8a8d\u8a3c\uff1a\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc or RADIUS\u30b5\u30fc\u30d0\u30fc<\/li>\n<\/ul>\n\n\n\n
    Cisco ASA \u5074\u306e\u8a2d\u5b9a\u624b\u9806<\/h2>\n\n\n\n
    \u2460 AnyConnect \u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u767b\u9332<\/h3>\n\n\n\n
    ASA\u306bAnyConnect\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30e9\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
    ASA(config)# webvpn\nASA(config-webvpn)# anyconnect image disk0:\/anyconnect-win-4.x.x-k9.pkg 1\nASA(config-webvpn)# anyconnect enable\n<\/code><\/pre>\n\n\n\n
    \u2461 \u30e6\u30fc\u30b6\u30fc\u4f5c\u6210\uff08\u30ed\u30fc\u30ab\u30eb\u8a8d\u8a3c\u306e\u5834\u5408\uff09<\/h3>\n\n\n\n
    ASA(config)# username testuser password cisco123 privilege 0<\/code><\/pre>\n\n\n\n
    \u2462 IP\u30d7\u30fc\u30eb\u4f5c\u6210<\/h3>\n\n\n\n
    VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u5272\u308a\u5f53\u3066\u308b\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
    ASA(config)# ip local pool VPN_POOL 192.168.50.10-192.168.50.50 mask 255.255.255.0<\/code><\/pre>\n\n\n\n
    \u2463 \u30c8\u30f3\u30cd\u30eb\u30b0\u30eb\u30fc\u30d7\u4f5c\u6210<\/h3>\n\n\n\n
    ASA(config)# tunnel-group ANYCONNECT type remote-access\nASA(config)# tunnel-group ANYCONNECT general-attributes\nASA(config-tunnel-general)# address-pool VPN_POOL\nASA(config-tunnel-general)# default-group-policy ANYCONNECT_POLICY<\/code><\/pre>\n\n\n\n
    \u2464 \u30b0\u30eb\u30fc\u30d7\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a<\/h3>\n\n\n\n
    ASA(config)# group-policy ANYCONNECT_POLICY internal\nASA(config)# group-policy ANYCONNECT_POLICY attributes\nASA(config-group-policy)# vpn-tunnel-protocol ssl-client\nASA(config-group-policy)# split-tunnel-policy tunnelall\nASA(config-group-policy)# dns-server value 8.8.8.8\n<\/code><\/pre>\n\n\n\n
    \u2465 WebVPN \u6709\u52b9\u5316<\/h3>\n\n\n\n
    ASA(config)# webvpn\nASA(config-webvpn)# enable outside\nASA(config-webvpn)# anyconnect enable<\/code><\/pre>\n\n\n\n
    \u2466 HTTPS\u30a2\u30af\u30bb\u30b9\u3092\u6709\u52b9\u5316\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u63a5\u7d9a\u3059\u308b\u305f\u3081\u306eURL\uff09<\/h3>\n\n\n\n
    ASA(config)# interface outside\nASA(config-if)# ip address 203.0.113.1 255.255.255.0\nASA(config)# http server enable\n<\/code><\/pre>\n\n\n\n
    \u2192 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u6b21\u306eURL\u306b\u30a2\u30af\u30bb\u30b9\uff1a<\/p>\n\n\n\n
    https://203.0.113.1\/<\/code><\/pre>\n\n\n\n
    \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\uff08AnyConnect\uff09\u8a2d\u5b9a\u624b\u9806<\/h2>\n\n\n\n
      \n
    1. Cisco AnyConnect Secure Mobility Client \u3092\u8d77\u52d5<\/li>\n\n\n\n
    2. \u63a5\u7d9a\u5148\u306b ASA \u306e\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b https:\/\/203.0.113.1\/<\/code><\/li>\n\n\n\n
    3. \u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b<\/li>\n\n\n\n
    4. \u63a5\u7d9a\u5b8c\u4e86\u5f8c\u3001\u30c8\u30ec\u30a4\u30a2\u30a4\u30b3\u30f3\u304c\u300c\u9375\u30de\u30fc\u30af\u300d\u306b\u306a\u308c\u3070VPN\u78ba\u7acb<\/li>\n<\/ol>\n\n\n\n
      \u52d5\u4f5c\u78ba\u8a8d\u30b3\u30de\u30f3\u30c9<\/h2>\n\n\n\n
      ASA\u5074<\/h3>\n\n\n\n
      show vpn-sessiondb anyconnect\nshow webvpn session<\/code><\/pre>\n\n\n\n
      \u30c8\u30e9\u30d6\u30eb\u6642\u306e\u78ba\u8a8d\u30dd\u30a4\u30f3\u30c8<\/h2>\n\n\n\n
      \u73fe\u8c61<\/th>\u78ba\u8a8d\u4e8b\u9805<\/th><\/tr><\/thead>
      \u63a5\u7d9a\u3067\u304d\u306a\u3044<\/td>outside\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3067443\/tcp\u304c\u958b\u3044\u3066\u3044\u308b\u304b\u78ba\u8a8d<\/td><\/tr>
      \u8a8d\u8a3c\u5931\u6557<\/td>\u30e6\u30fc\u30b6\u30fc\u540d\u30fb\u30d1\u30b9\u30ef\u30fc\u30c9\u8a2d\u5b9a or AAA\u30b5\u30fc\u30d0\u8a2d\u5b9a<\/td><\/tr>
      IP\u304c\u5272\u308a\u5f53\u305f\u3089\u306a\u3044<\/td>IP\u30d7\u30fc\u30eb\u8a2d\u5b9a\u3001\u30a2\u30c9\u30ec\u30b9\u7af6\u5408\u306e\u78ba\u8a8d<\/td><\/tr>
      WebVPN\u30da\u30fc\u30b8\u304c\u958b\u304b\u306a\u3044<\/td>http server enable<\/code> \u3068 webvpn enable outside<\/code> \u3092\u78ba\u8a8d<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
      \u88dc\u8db3\uff1aRADIUS\u8a8d\u8a3c\u3092\u4f7f\u3046\u5834\u5408<\/h2>\n\n\n\n
      \u5916\u90e8\u306eRADIUS\u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u3044\u305f\u3044\u5834\u5408\u306f\u4ee5\u4e0b\u3092\u8ffd\u52a0\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n
      ASA(config)# aaa-server RADIUS-SRV protocol radius\nASA(config-aaa-server-group)# aaa-server RADIUS-SRV (inside) host 10.1.1.10\nASA(config-aaa-server-host)# key radiuskey\nASA(config)# tunnel-group ANYCONNECT general-attributes\nASA(config-tunnel-general)# authentication-server-group RADIUS-SRV\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
      Cisco AnyConnect \u3067 VPN \u63a5\u7d9a\u3092\u884c\u3046\u306b\u306f\u3001\u300c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\uff08PC\uff09\u300d\u3068\u300c\u30b5\u30fc\u30d0\u30fc\u5074\uff08VPN\u6a5f\u5668\uff1aCisco ASA\u3084Firepower\u306a\u3069\uff09\u300d\u306e\u4e21\u65b9\u3067\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3059\u3002 \u5168\u4f53\u69cb\u6210 Cisco ASA \u5074 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1529","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1529"}],"version-history":[{"count":4,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1529\/revisions"}],"predecessor-version":[{"id":1641,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1529\/revisions\/1641"}],"wp:attachment":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}