I have configured the SSL VPN via CCA 2.2 and it does not seem to be working. Here is what I have done so far.....
In CCA 2.2:
- Configure > Security > SSL VPN
- On the Advanced tab, I checked "Full Tunnel" and added IP address range
- Installed AnyConnect client package "anyconnect-win-2.4.0202-k9.pkg"
- Checked "Enable split tunneling" and added other networks
- The configuration was sent successfully to the router, but received an error about the firewall not recognized.
- Added entry to firewall to allow port 443 via the Public IP address of WAN interface.
Tried accessing via web browser remotely and received a Page cannot be displayed, also tried accessing via AnyConnect Client remotely and was unable to connect.
After going back into SSL VPN in CCA (without making any changes in CLI), it told me that the configuration on the device was unrecognized and to continue I had to delete the current SSL VPN config and re-create it. Even after recreating it still did not work.
Here is the configuration:
ip inspect name SDM_MEDIUM https
ip address 22.214.171.124 255.255.255.0
ip address xxx.xxx.xxx.xxx 255.255.255.240
ip access-group 104 in
ip nat outside
ip inspect SDM_MEDIUM out
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
interface Virtual-Template3 type serial
ip unnumbered Loopback3
ip nat inside
ip local pool SDM_WEBVPN_POOL_1 192.168.232.10 192.168.232.19
access-list 104 permit tcp any host xxx.xxx.xxx.xxx eq 443
webvpn gateway SDM_WEBVPN_GATEWAY_1
ip address xxx.xxx.xxx.xxx port 443
ssl trustpoint TP-self-signed-429721078
webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1
webvpn context SDM_WEBVPN_CONTEXT_1
ssl authenticate verify all
policy group SDM_WEBVPN_POLICY_1
svc address-pool "SDM_WEBVPN_POOL_1"
svc split include 10.0.0.0 255.255.255.0
svc split include 10.1.1.0 255.255.255.0
svc split include 10.1.10.0 255.255.255.252
aaa authentication list sdm_vpn_xauth_ml_1