My environment: IOS 15.1(3)T on ISR 892
I have been spending quite a lot of time on the road, and it is much more convenient if I have a way to remotely access my home network. In my home network I have set up SSL VPN for remote access, as well as DDNS, as I don’t have a fixed IP address for my home internet access.
1. You can register an account at dyndns.org to get your own DDNS entry.
2. Then configure DDNS updates on the router so that whenever the address changes, it updates dyndns.org dynamically.
ip ddns update method DynDNS
 interval maximum 1 0 0 0
3. Under your internet-facing interface, configure the following commands:
 ip ddns update hostname panda.dyndns.org
 ip ddns update DynDNS host members.dyndns.org
4. This is the webvpn configuration of my router; you can modify it for your own setup:
ip local pool vpn-pool 192.168.20.205 192.168.20.215
webvpn gateway panda.dyndns.org
 ip address 18.104.22.168 port 443
 ssl trustpoint TP-self-signed-3650870944
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install svc flash:/webvpn/anyconnect-macosx-i386-2.3.2016-k9.pkg.zip sequence 2
webvpn context panda-context
 ssl authenticate verify all
 login-message "Welcome to Panda's home"
 policy group panda-group
  banner "Login Successful"
  svc address-pool "vpn-pool"
  svc default-domain "panda.com"
  svc rekey method new-tunnel
  svc split include 192.168.20.0 255.255.252.0
  svc dns-server primary 22.214.171.124
svc split is the split tunnel configuration that allows inserting a specific route into the client’s routing table. svc split include means that only this route is inserted on the host; other routes, including the default route, follow the client’s own routing table.
5. Then you can use the AnyConnect client for remote access in full tunnel mode.
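
To check which destinations the svc split include line in step 4 actually sends through the tunnel, here is a short Python example (added here, not part of the original configuration or of any Cisco tool). It parses the split-include lines and applies the routing rule described above; the function names and the embedded sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the split-tunnel lines from the configuration above.
SAMPLE_CONFIG = """\
webvpn context panda-context
 policy group panda-group
  svc address-pool "vpn-pool"
  svc split include 192.168.20.0 255.255.252.0
"""

SPLIT_RE = re.compile(r"^\s*svc split include (\S+) (\S+)\s*$", re.M)


def split_includes(config):
    """Networks the gateway pushes to the client as tunnel routes."""
    # strict=True raises ValueError if the address has host bits set for
    # the given mask, which usually means the mask was mistyped.
    return [ipaddress.ip_network(f"{net}/{mask}", strict=True)
            for net, mask in SPLIT_RE.findall(config)]


def via_tunnel(dest, networks):
    """True if dest matches a split-include route and goes into the VPN;
    False if the client's own routing table (default route) is used."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in networks)


def covered_range(network):
    """First and last address covered by one split-include route."""
    return str(network[0]), str(network[-1])


if __name__ == "__main__":
    nets = split_includes(SAMPLE_CONFIG)
    for net in nets:
        print(net, "covers", covered_range(net))
    for dest in ("192.168.20.10", "192.168.23.254", "192.168.24.1", "8.8.8.8"):
        route = "tunnel" if via_tunnel(dest, nets) else "client's own route"
        print(dest, "->", route)
```

The mask 255.255.252.0 covers 192.168.20.0 through 192.168.23.255, so hosts in 192.168.21.x to 192.168.23.x are routed into the tunnel as well; use a narrower mask if only 192.168.20.x should be reachable.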