
What commands: Anyconnect ROUTER config to allow client access to LAN and WAN through tunnel?

Tony_MN
Level 1

Hi,

I have been working on a configuration with two routers: one (RouterA) connected to the ISP with inside address 172.25.252.1, the second (RouterB) connected to RouterA with address 172.25.252.98. The AnyConnect config is on the inside RouterB. (I already have ports forwarded to log into AnyConnect.)

I would like to be able to connect to my RouterB with AnyConnect and get sent back out to both the 172.25.252.0 network provided by RouterA, as well as get outside to the Internet via RouterA on the GE0/0 interface.

Currently I have tried a few different lines and been able to get to the 172.25.25.0 network in between the two routers. I cannot seem to get to the Internet.

What commands are missing? The config is below.

Thank you!

Tony

Here is the config:

28#show run
Building configuration...


Current configuration : 5966 bytes
!
! Last configuration change at 16:22:20 UTC Wed Apr 29 2020 by tony
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 28
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 4 qvTXvcZ0IbTKI
!
aaa new-model
!
!
aaa authentication login TEST_AAA local
!
!
!
!
!
aaa session-id common
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ip name-server 1.0.0.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki server IOS-CA
database level complete
grant auto
crypto pki token default removal timeout 0
!
crypto pki trustpoint IOS-CA
revocation-check crl
rsakeypair IOS-CA
!
crypto pki trustpoint TEST
enrollment url http://172.25.252.98:80
serial-number
subject-name CN=TEST
revocation-check none
rsakeypair TEST
!
!
crypto pki certificate chain IOS-CA
certificate ca 01
quit
crypto pki certificate chain TEST
certificate 02
quit
certificate ca 01
quit
!
!
license udi pid CISCO2801 sn FTX0930W2A1
license accept end user agreement
username Tony privilege 15 secret 4 TUHrjiz0IbTKI
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 172.25.252.98 255.255.254.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
interface Serial0/3/0
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered Loopback0
!
ip local pool TEST_POOL 192.168.10.1 192.168.10.10
ip default-gateway 172.25.252.1
ip forward-protocol nd
!
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.25.252.1
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
!
webvpn gateway TEST_GATEWAY
ip address 172.25.252.98 port 4443
ssl trustpoint TEST
logging enable
inservice
!
webvpn context TEST_Context
ssl authenticate verify all
!
!
policy group TEST_Policy
functions svc-enabled
svc address-pool "TEST_POOL" netmask 255.255.255.0
svc dns-server primary 8.8.8.8
virtual-template 1
default-group-policy TEST_Policy
aaa authentication list TEST_AAA
gateway TEST_GATEWAY
inservice
!
end

28#