Hi. I have a Cisco ISR 4331 router. I`ve set up IPSec VPN for site-to-site and clients (IKEv2 AnyConnect) for long ago so far...
Now our remote workers say from time to time that they have problems with IPSec connectivity from hotels and so on... so usual IPSec (UDP4500, ESP) issue with ISPs.
So I`ve decided to work out an option with simultaneous IPSec and SSL client VPN to our network but I got some problems and questions that want to address here:
1. I can`t do 'webvpn' on my ISR... Seems some licensing problems (or it`s like ISR4K don`t support SSL VPN at all?
Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)
#show license feature
Feature name Enforcement Evaluation Subscription Enabled RightToUse
appxk9 yes yes no no yes
uck9 yes yes no no yes
securityk9 yes yes no yes yes
ipbasek9 no no no yes no
FoundationSuiteK9 yes yes no no yes
AdvUCSuiteK9 yes yes no no yes
cme-srst yes yes no no yes
hseck9 yes no no no no
throughput yes yes no no yes
internal_service yes no no no no
2. Is it possible to have both IPSec and SSL endpoints for clients to choose from on one ISR? Now my clients get a distro with AnyConnect and profile file to connect via IPSec... How can I give them an option to try SSL if they fail to connect through IPSec? (like two sets of Cisco ANyConnect Profiles or smth...)
3. I don`t want to have Web-server on my ISR to deploy AnyConnect (all my remote clients have it so far)... But it seems that every time a SSL VPN user has to use the web-interface to connect. Am I wrong?
Listen: https://smarturl.it/CCRS8E38 Follow us: twitter.com/CiscoChampionAdding learning capabilities to the internet will increase the overall network SLO and application experience. Real data driven experiments have shown that such an approach...
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th...
We know that the Type-1 LSA describes the link type connected to the router, the neighbor router and the subnet number.In this topology, assume we dont have a Type-2 LSA, so each router will create its own Type-1 LSA, the Type-1 LSA will describe the neig...
Here are some commonly asked questions and answers to help with your adoption of Cisco DNA Center Wireless. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
Q. I have a Cisco Appl...