09-21-2022 04:37 AM
ISR C1111 with built-in LTE modem and AnyConnect
an external LTE modem either in passthrough mode or as a router
I am unable to get it to work so that I can connect through AnyConnect to the C1111
AnyConnect is trying to use the wrong connection as back channel and the IKE negotiation
times out after a bunch of "Packet is a retransmission"
09-21-2022 06:18 AM
Remember when I mentioned in my previous comment on your previous post that you may face asymmetric traffic.
So we need to match the NAT with the route so that both use the same interface; otherwise you will always face the asymmetric issue.
So instead of the default route, use PBR.
That is, for the traffic that passes through Interface-1 we will use NAT overload on Interface-1.
That is simply the solution for your issue.
09-21-2022 04:52 AM
Post the configuration. If you turn off the other connection and use only the required ISP, does that work?
09-21-2022 04:53 AM
Config guide: https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html
ISR 1100 data sheet mentions FlexVPN support: https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-routers-isr/datasheet-c78-739512.html
09-21-2022 04:58 AM
AnyConnect works as long as I have just ONE default gateway: removing the one from the external LTE, I can connect to the internal, and vice versa.
09-21-2022 06:14 AM
Post the config; we also need to see how your routing is configured.
If you have load sharing between ISPs, that may have caused the issue here.
Until we see the config, I do not like to comment any further or advise here.
09-22-2022 12:47 PM
My current main concern is solved (using 2 ISPs at the same time for internet connection) by using PBR,
but I still wouldn't know how I could PBR AnyConnect.
Where would I put the policy?
interface Virtual-Template1 type tunnel
 description Cisco AnyConnect IKEv2
 ip unnumbered Loopback1
On the Virtual-Template, on the loopback, on the LTE interface?
No real concern any longer, but still.
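
The approach from the 06:18 AM reply (PBR instead of a single default route, with NAT overload on the same interface the traffic leaves through), sketched as an added example that is not any poster's configuration. All interface names, subnets, ACLs, route-map names and addresses (documentation ranges) are assumptions; the last stanza uses `ip local policy route-map`, the IOS command that applies a route-map to packets the router itself generates, which interface PBR does not see.

```cisco
! Added example. Every name and address below is an assumption.

! Inside subnets, one per uplink
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

! PBR: pin each source subnet to exactly one uplink
route-map PBR-LAN permit 10
 match ip address 101
 set ip next-hop 198.51.100.1
route-map PBR-LAN permit 20
 match ip address 102
 set interface Cellular0/2/0

interface Vlan1
 ip nat inside
 ip policy route-map PBR-LAN

interface GigabitEthernet0/0/0
 ip nat outside
interface Cellular0/2/0
 ip nat outside

! NAT: translate to the address of the interface the packet actually
! leaves through, so return traffic comes back on the same path
route-map NAT-ISP1 permit 10
 match interface GigabitEthernet0/0/0
route-map NAT-LTE permit 10
 match interface Cellular0/2/0

ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/0/0 overload
ip nat inside source route-map NAT-LTE interface Cellular0/2/0 overload

! Router-generated packets (such as IKEv2 replies to a VPN client) are
! sourced by the router, so the Vlan1 policy never matches them.
! Local policy routing keys on the source address the reply carries.
! 203.0.113.10 stands in for the LTE-side address clients connect to.
ip access-list extended FROM-LTE-ADDR
 permit ip host 203.0.113.10 any
route-map LOCAL-PBR permit 10
 match ip address FROM-LTE-ADDR
 set interface Cellular0/2/0
ip local policy route-map LOCAL-PBR
```

`show route-map` shows per-sequence match counters, and `show ip nat translations` shows which outside address each flow was translated to, which together confirm that a flow leaves and returns on the same uplink.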