Hi All, I just installed AnyConnect on a Cisco 2911 that has the ipbase, securityk9, and UCK9 license with IOS 15.2.
When I tested it from outside the ISP network it would not connect. I then took off my ACLs coming inbound on the outside interface facing the ISP and it worked.
Are there ports that I need to open from the internet for AnyConnect? I have done this on the ASA platform, but I don't recall having to allow ports from the internet in. Seems like a bad idea?
I'm using CBAC on the firewall. Below is the port configuration and the outside-to-inside ACLs:

interface GigabitEthernet0/0
 description Outside
 ip address XXX.XXX.XXX.XXX 255.255.255.252
 ip access-group in-outside in
 ip verify unicast reverse-path
 ip nat outside
 ip inspect CCP_LOW out
 ip virtual-reassembly in
 duplex full
 speed 1000
 crypto map XXXXXXXX

ip access-list extended in-outside
 permit icmp any any echo-reply log
 permit icmp any any time-exceeded log
 permit icmp any any unreachable log
 permit udp host XXXXXXXXX any eq isakmp
 permit udp host XXXXXXXXX any eq non500-isakmp
 permit esp host XXXXXXXXX any
 permit ahp host XXXXXXXXX any
 permit tcp any any eq 22
 permit udp any any eq 22
 permit udp host XXXXXXXXX any eq ntp
 permit udp host XXXXXXXXX any eq ntp

Thanks,
Dan
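
Added example, not part of the original post: a simplified first-match model of the in-outside ACL as posted, showing that an inbound connection to the router's own VPN listener falls through to the implicit deny, because CBAC only opens return paths for sessions it inspected on the way out. It assumes the AnyConnect gateway is on its default TCP 443 (the post does not state the port); the client address and the extra permit entry are constructed for illustration.

```python
# First-match evaluation of the posted "in-outside" ACL (simplified model).
ACL = """\
permit icmp any any echo-reply log
permit icmp any any time-exceeded log
permit icmp any any unreachable log
permit udp host XXXXXXXXX any eq isakmp
permit udp host XXXXXXXXX any eq non500-isakmp
permit esp host XXXXXXXXX any
permit ahp host XXXXXXXXX any
permit tcp any any eq 22
permit udp any any eq 22
permit udp host XXXXXXXXX any eq ntp
permit udp host XXXXXXXXX any eq ntp
"""
PORTS = {"isakmp": 500, "non500-isakmp": 4500, "ntp": 123}  # IOS keywords used above

def parse(line):
    """Return (action, proto, src, dst, qualifier) for one ACL entry."""
    t = [w for w in line.split() if w != "log"]
    action, proto, rest = t[0], t[1], t[2:]
    addrs = []
    for _ in range(2):                      # source, then destination
        if rest[0] == "host":
            addrs.append(rest[1]); rest = rest[2:]
        else:                               # "any"
            addrs.append("any"); rest = rest[1:]
    qual = None
    if rest[:1] == ["eq"]:                  # TCP/UDP destination port
        qual = PORTS.get(rest[1]) or int(rest[1])
    elif rest:                              # ICMP message type keyword
        qual = rest[0]
    return action, proto, addrs[0], addrs[1], qual

def evaluate(acl, proto, src, dst, qual=None):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for line in acl.strip().splitlines():
        action, p, s, d, q = parse(line)
        if p == proto and s in ("any", src) and d in ("any", dst) and q in (None, qual):
            return action, line
    return "deny", "implicit deny"

CLIENT, ROUTER = "198.51.100.7", "XXX.XXX.XXX.XXX"   # constructed / redacted values
# Hypothetical extra entry scoped to the router's own outside address.
FIXED = ACL + f"permit tcp any host {ROUTER} eq 443\n"

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", CLIENT, ROUTER, 443))    # blocked before the change
    print(evaluate(FIXED, "tcp", CLIENT, ROUTER, 443))  # permitted after it
    print(evaluate(FIXED, "tcp", CLIENT, ROUTER, 80))   # still denied
```

Scoping the added entry to the router's outside address, rather than `any any`, keeps the exposure limited to the VPN listener itself.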