Hi Kings, Can you please elaborate in more details? From your debug output I see that you use an external RADIUS. Is there a sample task for it? I can confirm that it works for me (even in production environment) but I use the locally configured webvpn policy:
webvpn context WEBVPN_CNTXT policy group WEBVPN_POL svc split include 192.168.1.0 255.255.255.0 Eugene From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: 11 April 2012 10:16 To: [email protected] Subject: [OSL | CCIE_Security] IOS Anyconnect issues with Radius Hi all When I try configuring IOS Webvpn, the "split-include=" has never taken been by the IOS for me till today and all traffic is roted to the webvp gateway. Has anyone been successful i doing it? I heard that it is bug. Need to confirm. rver 8.9.2.100 Apr 11 17:08:56.072: RADIUS(00000000): Send Access-Request to 8.9.2.100:1645<http://8.9.2.100:1645> id 1645/7, len 49 Apr 11 17:08:56.072: RADIUS: authenticator F6 5E 51 F8 51 31 D3 AA - 73 E2 93 6 8 73 38 CC 95 Apr 11 17:08:56.072: RADIUS: User-Name [1] 5 "web" Apr 11 17:08:56.072: RADIUS: User-Password [2] 18 * Apr 11 17:08:56.072: RADIUS: NAS-IP-Address [4] 6 8.9.50.4 Apr 11 17:08:56.120: RADIUS: Received from id 1645/7 8.9.2.100:1645<http://8.9.2.100:1645>, Access-Acce pt, len 195 Apr 11 17:08:56.120: RADIUS: authenticator 01 5C E3 5E 69 2F 74 B9 - AC 75 EE 9 1 A2 BA R4#8D 2C Apr 11 17:08:56.120: RADIUS: Framed-IP-Address [8] 6 255.255.255.255 Apr 11 17:08:56.120: RADIUS: Vendor, Cisco [26] 29 Apr 11 17:08:56.120: RADIUS: Cisco AVpair [1] 23 "webvpn:addr-pool=ad dr" Apr 11 17:08:56.120: RADIUS: Vendor, Cisco [26] 53 Apr 11 17:08:56.120: RADIUS: Cisco AVpair [1] 47 "webvpn:split-includ e="8.9.50.0 255.255.255.0"" Apr 11 17:08:56.124: RADIUS: Vendor, Cisco [26] 28 Apr 11 17:08:56.124: RADIUS: Cisco AVpair [1] 22 "webvpn:svc-enabled= 1" Apr 11 17:08:56.124: RADIUS: Vendor, Cisco [26] 35 Apr 11 17:08:56.124: RADIUS: Cisco AVpair [1] 29 "webvpn:keep-svc-ins talled=1" Apr 11 17:08:56.124: RADIUS: Class [25] 24 Apr 11 17:08:56.124: RADIUS: 43 41 43 53 3A 30 2F 62 31 30 2F 38 30 39 33 32 [CACS:0/b10/80932] Apr 11 17:08:56.124: RADIUS: 30 34 2F 77 65 62 [04/web] Apr 11 17:08:56.124: RADIUS(00000000): Received from id 1645/7 Apr 11 17:08:56.124: RADIUS(00000000): Unique id not in use Apr 11 17:08:56.124: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored R4# R4# Apr 11 17:09:01.760: WV-TUNL: Received server IP packet 0x4871D844: Apr 11 17:09:01.760: sslvpn_vif failed to receive pak in process path R4# Apr 11 17:09:11.372: WV-TUNL: Received server IP packet 0x4871F310: Apr 11 17:09:11.372: sslvpn_vif failed to receive pak in process path R4# Apr 11 17:09:12.992: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: gate i _vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 8.9.2.200<http://8.9.2.200>: 2152 With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
