
SSL VPN Cisco IOS

sadist001
Level 1

Hello,

 

I'm trying to configure SSL VPN on a Cisco router (CISCO2921/K9, IOS Version 15.7(3)M3, License: securityk9), but it doesn't work. What am I doing wrong?

Here is my config:

crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.0.02052-k9.pkg sequence 1

crypto key generate rsa label SSLVPN_KEYPAIR modulus 2048

crypto pki trustpoint SSLVPN_CERT
enrollment selfsigned
subject-name CN=*.*.*
revocation-check none
rsakeypair SSLVPN_KEYPAIR

aaa new-model

aaa authentication login SSLVPN_AAA local

username User  secret  Password

interface Loopback65
description SSL-VPN-INTERFACE
ip address 192.168.65.254 255.255.255.255

interface Virtual-Template65
description SSL-VPN-INTERFACE
ip unnumbered Loopback65

ip local pool SSLVPN_POOL 192.168.65.100 192.168.65.115

ip http secure-server
ip http secure-trustpoint SSLVPN_CERT

ip access-list standard SPLIT-TUNNEL
192.168.20.0 0.0.0.255

ip access-list extended Filter
permit ip 192.168.65.0 0.0.0.255 192.168.20.0 0.0.0.255

webvpn gateway SSLVPN_GATEWAY
ip address *.*.*.* port 443
ssl trustpoint SSLVPN_CERT
inservice
!
webvpn context SSL_Context
title "WEB-VPN"
login-message "WEB-VPN Login"
virtual-template 65
aaa authentication list SSLVPN_AAA
gateway SSLVPN_GATEWAY
max-users 15
!
ssl authenticate verify all
inservice
!
policy group SSL_Policy
functions svc-enabled
timeout idle 1800
filter tunnel Filter
svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
svc default-domain "DOMAIN.COM"
svc split include acl SPLIT-TUNNEL
svc dns-server primary 192.168.20.20
default-group-policy SSL_Policy

 

Also, when I try to run "crypto pki enroll SSLVPN_CERT", I see this error: % Attempt to request a certificate failed: status = FAIL
