We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 557 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


307 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , , ,

Notable Replies

  1. Hi Rene,

    For this part here -

    The DNS server will be assigned to remote VPN users.

    When connected to the VPN, If the users are trying to access Internal Corporate machines via DNS name, should we provide an Internal DNS server address rather than


  2. kamal says:


    I have ASA 5520 VPN Plus license with latest IOS disk0:/asa917-k8.bin

    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 150            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    Encryption-DES                    : Enabled        perpetual
    Encryption-3DES-AES               : Enabled        perpetual
    Security Contexts                 : 20             perpetual
    GTP/GPRS                          : Enabled        perpetual
    AnyConnect Premium Peers          : 250            perpetual
    AnyConnect Essentials             : 750            perpetual
    Other VPN Peers                   : 750            perpetual
    Total VPN Peers                   : 750            perpetual
    Shared License                    : Enabled        perpetual
    AnyConnect for Mobile             : Enabled        perpetual
    AnyConnect for Cisco VPN Phone    : Enabled        perpetual
    Advanced Endpoint Assessment      : Enabled        perpetual
    UC Phone Proxy Sessions           : 100            perpetual
    Total UC Proxy Sessions           : 100            perpetual
    Botnet Traffic Filter             : Enabled        perpetual
    Intercompany Media Engine         : Disabled       perpetual
    Cluster                           : Disabled       perpetual
    This platform has an ASA 5520 VPN Plus license.

    My question is, can we use AnyConnect VPN Client Software-4.2.01035 with my existing Firewall?

  3. Hi Rene,

    Congrats, very clear tutorial. What about the NAT rule to keep untranslated the traffic between internal subnets and remote VPN hosts ? Is not it needed ?

    Please advise.

    Thank you.

  4. Hi Alessandro,

    Glad to hear you like it! You will need a NAT rule to keep traffic between remote VPN users and inside hosts untranslated. You can find the config for it in this reply:

    Cisco ASA NAT untranslate


Continue the discussion forum.networklessons.com

20 more replies