Cisco CSR 1000v Anyconnect SSL local connectivity only

Paolo Betti
Level 1

Hello everyone,

I'm trying to use a Cisco AWS CSR 1000 router as an SSL VPN terminator. I'm following the instructions from the link below (which is not a really well-explained guide):

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/xe-3s/sec-conn-sslvpn-xe-3s-book.html#GUID-DCB20ADF-1F8E-434B-AE97-54802879F34F

For now I'm using local authentication with a username/password configured on the CSR router (I will try later to authenticate users against the corporate LDAP or RADIUS server). After some work I'm able to connect with the Cisco AnyConnect client to the public IP of the CSR router (Amazon Elastic) and, after successfully authenticating against the local username, I received an IP address and all the correct parameters.

The issue I have is that after the SSL VPN connection is established, I'm not able to ping or reach any IP destination inside Cloud Amazon or my corporate network that is connected to Amazon via IPSec VPN. The Amazon internal default gateway is also not reachable from the SSL client. The only destination I'm able to ping is the IP address of the CSR router (172.30.16.10).

All internal IP destinations are reachable when I try to ping them from the CSR 1000 router CLI.

Any suggestion is welcome; I did several tests without being able to solve the issue.

Thanks in advance to everyone.

Regards,

Paolo