AnyConnect to IOS 15.4

Jack Mead
Level 1

I have configured a Cisco 2921 router (with IOS 15.4) for IKEv2 and AnyConnect (4.4.00243) with Suite-B Cryptography, including certificates of course. This router has an L3 24-port Enhanced EtherSwitch Service Module SM-ES3G-24-P. I have 3 different sets of ikev2 profile, ikev2 authorization policy and ipsec profile, along with three different and unique IP pools. The 2921 has a default route to the Internet and static routes to the networks on the EtherSwitch Service Module. The 2921 virtual link G1/0 is configured with 172.16.7.254 and the G0/26 on the Service Module is configured with 172.16.7.253. The Service Module has a default route to 172.16.7.254.

I do not have any problem connecting to the router with AnyConnect; if I connect with three different certificates I get three different IP addresses, just like I should. Also, I do not have any problem pinging the 172.16.7.253 or 172.16.7.254 addresses. The problem I have is accessing any network beyond the directly connected networks on the 2921; for example:


crypto ikev2 authorization policy vpn_users_g1
 pool vpn_users_g1
 route set interface
 route set remote ipv4 192.168.2.0 255.255.255.0
 route set remote ipv4 192.168.5.0 255.255.255.0
 route set remote ipv4 172.16.7.0 255.255.255.0

I can access the 172.16.7.0/24 network, which is directly connected to the 2921, but I cannot access the other two networks, which are connected to the EtherSwitch Service Module. In this case I can access the Internet because of the split tunnel. On the other hand, if I do this:


crypto ikev2 authorization policy vpn_users_g1
 pool vpn_users_g1
 route set interface

I cannot access the Internet or any internal network, regardless of whether it is connected to the 2921 or to the EtherSwitch Service Module, even though all traffic should be secured because there is no split tunnel. I have tried quite a few variants, but always with only partial success. It sounds like an ARP problem, but I can't pin it down.

Thanks for your help, 

jm

1 Reply

Marwan Urabi
Level 1

Good day.

I have the same 2921 router with IOS version 15.4. I have tried a lot to make AnyConnect work with it, but with no luck, so if you have a working configuration for AnyConnect, can you please share it for testing?

With many thanks.

Marwan
