en conf t ! hostname csr1000v_3-13-3 ! no ip domain lookup ip domain name cust.example.net ! int gi1 ip address 192.168.100.2 255.255.255.0 no shut ! aaa new-model ! aaa authentication login AAA_SSL_VPN local aaa authentication ppp sslvpn_auth_local local aaa authorization network AAA_SSL_VPN local aaa authorization network sslvpn_auth_local local ! aaa attribute list AAA_SSLVPN_LIST attribute type interface-config "ip unnumbered Loopback172" service ppp protocol lcp attribute type addr-pool "sslvpn-pool" service ppp protocol ip ! username test_user aaa attribute list AAA_SSLVPN_LIST username test_user password test_user ! ip local pool sslvpn-pool 172.16.1.2 172.16.1.62 ! ip access-list standard ACL_SSLVPN permit 10.128.0.0 0.0.255.255 ! interface Loopback172 description SSLVPN Anchor Interface ip address 172.16.1.1 255.255.255.0 ! interface Virtual-Template1 ip unnumbered Loopback172 peer default ip address pool sslvpn-pool ppp encrypt mppe 128 required ppp authentication ms-chap ms-chap-v2 sslvpn_auth_local ppp authorization sslvpn_auth_local ! crypto key generate rsa general-keys label SSLVPN-SSC modulus 1024 ! crypto ca trustpoint TP-SSLVPN-SSC enrollment selfsigned subject-name cn=sslvpn.example.com rsakeypair SSLVPN-SSC ! crypto pki enroll TP-SSLVPN-SSC ! crypto vpn anyconnect bootflash:/anyconnect-linux-64-3.1.05187-k9.pkg crypto vpn anyconnect profile sslvpn-profile bootflash:/anyconnect.xml ! crypto ssl proposal sslvpn-proposal protection rsa-3des-ede-sha1 rsa-aes128-sha1 ! crypto ssl policy sslvpn-policy ip address local 192.168.100.2 port 443 ssl proposal sslvpn-proposal pki trustpoint TP-SSLVPN-SSC sign no shut ! crypto ssl profile sslvpn-profile match policy sslvpn-policy aaa authentication list AAA_SSLVPN_LIST virtual-template 1 no shut ! crypto ssl authorization policy sslvpn-policy banner "SSL VPN tunnel" client profile sslvpn-profile keepalive 60 dns 10.128.53.10 10.128.53.11 netmask 255.255.255.0 pool sslvpn-pool route set access-list ACL_SSLVPN ! ip http secure-server