
Cisco Any Connect connection issues

Please can someone help? I have configured what I believe to be right on my Cisco 887 router. I currently have a working IPSEC VPN setup, but the SSL VPN doesn't work.

Please see the config below:

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MBRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$hpkq$xJpoZqs9xiWIEmYfKVPAv1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sslvpn local
aaa authentication login vpn_xauth_ml_1 local
aaa authorization network vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint my-trustpoint
enrollment selfsigned
serial-number
subject-name CN=CiscoAnyConnect-certificate
revocation-check crl
rsakeypair my-rsa-keys
!
!
crypto pki certificate chain my-trustpoint
certificate self-signed 02
30820283 308201EC A0030201 02020102 300D0609 2A864886 F70D0101 05050030
5D312430 22060355 0403131B 43697363 6F416E79 436F6E6E 6563742D 63657274
69666963 61746531 35301206 03550405 130B4643 5A313832 32433230 39301F06
092A8648 86F70D01 09021612 4D42526F 75746572 2E4D424E 4554574F 524B301E
170D3136 30353138 32323130 31365A17 0D323030 31303130 30303030 305A305D
31243022 06035504 03131B43 6973636F 416E7943 6F6E6E65 63742D63 65727469
66696361 74653135 30120603 55040513 0B46435A 31383232 43323039 301F0609
2A864886 F70D0109 0216124D 42526F75 7465722E 4D424E45 54574F52 4B30819F
300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E8C7 7D00C90E
E092FCF5 769730E4 2EAF65C5 9788658F F58D8E51 2968882B 835976FC C689E9BA
C7531937 237363E1 1EA52223 3847A332 534A07C3 66E180A6 3E96DBDE C21A5299
DE050897 BE25A9C6 9D86C42E B0C79863 E43F385C F1EA3DC9 40062745 93EAAE19
968A95E8 2D4F90B5 87577697 BCA6DF56 D1F65C17 89749883 E57B0203 010001A3
53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680
1471368A FF119DAE 56823AB5 83BA3DF5 10A3AA90 D0301D06 03551D0E 04160414
71368AFF 119DAE56 823AB583 BA3DF510 A3AA90D0 300D0609 2A864886 F70D0101
05050003 81810053 407F6B7F 7278CAA2 26A19B13 63999ED4 0E14CAD7 DFD3DE23
CB8CBBB2 87ECCFDE 4BFA2DA6 830B0CE4 D19097E9 148C4C64 FB6F62E7 AFC92BC0
AFEC6BCE 4FC171FA BBBFB97B 022F3047 4E89AC70 19FB5C12 DF70708E 982DD07A
6987AC5D A99ABE3D DAC74BD8 562A61A9 8F636943 9302D4E5 B8A04741 2888E24D
73DD2439 D5836D
quit
no ip gratuitous-arps
!
!
!
!


!
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.100 192.168.0.109
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool CCTV
host 192.168.0.50 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool MIKE-PC
host 192.168.0.2 255.255.255.0
client-identifier 0100.1e0b.dd89.47
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool OPENVIX
host 192.168.0.17 255.255.255.0
client-identifier 0100.1dec.01d7.74
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool RASPBERRY-PI2
host 192.168.0.14 255.255.255.0
client-identifier 01b8.27eb.edab.96
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool READYNAS
host 192.168.0.19 255.255.255.0
client-identifier 01e0.469a.a055.52
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
ip dhcp pool NETGEAR-AP
host 192.168.0.52 255.255.255.0
client-identifier 4c60.de6b.9541
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
!
!
no ip domain lookup
ip domain name MBNETWORK
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-K9 sn FCZ1822C209
license boot module c880-data level advipservices
!
!
vtp domain null
vtp mode transparent
username xxxxxxxxxxxx privilege 7 secret 5 xxxxxxxxxxxxx
username xxxxx password 0 xxxxxxx
username xxxx password 0 xxxxxx
!
crypto vpn anyconnect flash:/webvpn/anyconnect-win-4.2.01035-k9.pkg sequence 1
!
!
!
!
!
controller VDSL 0
firmware filename flash:vdsl.bin-A2pv6C035d_d23j
!
vlan 2
name MB_DOMAIN
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group MB_Network
key xxxxxx
dns 8.8.8.8 8.8.4.4
pool vpn_client_pool
acl vpn_resources
max-users 10
crypto isakmp profile vpn_ike_profile
match identity group xxxxxx
client authentication list vpn_xauth_ml_1
isakmp authorization list vpn_group_ml_1
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set vpn_transform esp-3des esp-sha-hmac
mode tunnel
!
!
crypto ipsec profile vpn_profile
set transform-set vpn_transform
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Virtual-Template2 type tunnel
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile vpn_profile
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no autostate
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.2
ip nat inside
ip virtual-reassembly in
no autostate
!
ip local pool vpn_client_pool 192.168.0.100 192.168.0.109
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface Ethernet0.101 overload
ip nat inside source static tcp 192.168.0.17 80 interface Ethernet0.101 80
ip nat inside source static tcp 192.168.0.2 32400 interface Ethernet0.101 32400
ip nat inside source static udp 192.168.0.2 32400 interface Ethernet0.101 32400
ip nat inside source static udp 192.168.0.2 45633 interface Ethernet0.101 45633
ip nat inside source static tcp 192.168.0.2 45633 interface Ethernet0.101 45633
ip nat inside source static tcp 192.168.0.50 88 interface Ethernet0.101 88
ip nat inside source static tcp 192.168.0.1 443 interface Ethernet0.101 443
ip nat inside source static udp 192.168.0.1 443 interface Ethernet0.101 443
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended vpn_resources
permit ip 192.168.0.0 0.0.255.255 any
!
access-list 1 permit any
!
!
!
!
control-plane
!
!

!
line con 0
no modem enable
line aux 0
line vty 0 4
length 0
transport input ssh
line vty 5 15
transport input ssh
!
!
!
webvpn gateway Cisco_AnyConnect
ip interface Ethernet0.101 port 443
ssl encryption rc4-md5
ssl trustpoint my-trustpoint
inservice
!
webvpn context Cisco_AnyConnect
title "M&B - Cisco AnyConnect"
!
acl "CiscoAnyConnect-ACL"
permit ip 192.168.0.0 255.255.255.0 any
login-message "M&B Cisco Any Connect"
aaa authentication list sslvpn
gateway Cisco_AnyConnect
!
ssl authenticate verify all
inservice
!
policy group sslpolicy
functions svc-enabled
filter tunnel CiscoAnyConnect-ACL
svc address-pool "vpn_client_pool" netmask 255.255.255.0
svc keep-client-installed
svc rekey method new-tunnel
svc split include 192.168.0.0 255.255.255.0
default-group-policy sslpolicy
!
end
