01-19-2017 11:05 PM - edited 02-21-2020 09:07 PM
As title states... does anyone have any configuration examples to run L2TPv3 to tunnel and extend L2 over an IPsec L3 site-to-site tunnel?
01-31-2017 12:36 AM
The router! L2TPv3 doesn't run on Windows in this scenario
01-31-2017 12:47 AM
Right.. Got you. Let's forget about the differing, and simultaneous VPN profiles and configurations on IOS .. and whether that will work or not.
What about the L2 extension.. That won't work with RA SSL VPN to workstation, right?
Unless IOS can proxy-arp? Thoughts/comments here?
01-31-2017 12:52 AM
Please give me some time to extend my lab, I'll try to reproduce this setup here with some more machines.
01-31-2017 01:39 AM
Take your time. You're a good man. Would appreciate what you can emulate and report back on. Thanks !
02-01-2017 01:31 AM
Hi,
I didn't get it to work. I was able to dial in via VPN and got an IP address of the local LAN but there was no visible traffic on the VPN adapter on the client.
So I'd say you need a separate machine in the DC where clients can login (or as you said a jumphost).
Also I don't think this will work with an 829 on the edge since you need 2 real routed ports for L2TPv3.
02-01-2017 04:12 AM
Right.....
http://www.cisco.com/c/en/us/products/collateral/routers/829-industrial-router/datasheet-c78-734981.html
Screenshot here - http://i.imgur.com/JkuJ6AH.png
Yes.. and only 4 x SWITCHports are on the device..
So it's not very accurate to state the 829 IR can do L2TPv3 VPN then.. really...
I don't necessarily mind I can't extend the MAC of the workstation over RA SSL VPN with AnyConnect.. What I do have an issue with is not even being able to get the L2TPv3 working now.. from what you're telling me.. because of lack of L3 ports on the 800 series?
02-01-2017 04:53 AM
Sorry, I double-checked it right now with SVI and it works.
It works since IOS 12.4.20(T), definitely with 829!
But beware that VLAN1 (SVI) is not allowed to have an IP address:
R1(config)#int vl1
R1(config-if)#ip add 10.0.0.1 255.255.255.0
Incompatible with xconnect command on Vl1 - command rejected.
02-01-2017 05:23 AM
< big thumbs up and a thank you >
Legend!
02-03-2017 12:42 AM
http://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64252.html
02-03-2017 02:11 AM
eek! Appreciate that ciscomax. Thanks for sharing that.