Tags: , , , ,

Forum Replies

  1. Hi Rene,

    For this part here -

    The DNS server will be assigned to remote VPN users.

    When connected to the VPN, If the users are trying to access Internal Corporate machines via DNS name, should we provide an Internal DNS server address rather than


  2. kamal says:


    I have ASA 5520 VPN Plus license with latest IOS disk0:/asa917-k8.bin

    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 150            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    Encryption-DES                    : Enabled        perpetual
    Encryption-3DES-AES               : Enabled        perpetual
    Security Contexts                 : 20             perpetual
    GTP/GPRS                          : Enabled        perpetual
    AnyConnect Premium Peers          : 250            perpetual
    AnyConnect Essentials             : 750            perpetual
    Other VPN Peers                   : 750            perpetual
    Total VPN Peers                   : 750            perpetual
    Shared License                    : Enabled        perpetual
    AnyConnect for Mobile             : Enabled        perpetual
    AnyConnect for Cisco VPN Phone    : Enabled        perpetual
    Advanced Endpoint Assessment      : Enabled        perpetual
    UC Phone Proxy Sessions           : 100            perpetual
    Total UC Proxy Sessions           : 100            perpetual
    Botnet Traffic Filter             : Enabled        perpetual
    Intercompany Media Engine         : Disabled       perpetual
    Cluster                           : Disabled       perpetual
    This platform has an ASA 5520 VPN Plus license.

    My question is, can we use AnyConnect VPN Client Software-4.2.01035 with my existing Firewall?

  3. Hi Rene,

    Congrats, very clear tutorial. What about the NAT rule to keep untranslated the traffic between internal subnets and remote VPN hosts ? Is not it needed ?

    Please advise.

    Thank you.

  4. Hi Alessandro,

    Glad to hear you like it! You will need a NAT rule to keep traffic between remote VPN users and inside hosts untranslated. You can find the config for it in this reply:

    Cisco ASA NAT untranslate


34 more replies! Ask a question or join the discussion by visiting our Community Forum