VPN concentrator and Client VPN (Anyconnect)

Hi,

I try to figure out if it is possible to use my MX64 as VPN concentrator and connect my phone via anyconnect to it.

I try to use the Internet connection where the MX resides to use a service which is restricted to countries. I configured the MX as concentrator and made the Anyconnect configuration. I can connect via VPN but get no Internet access nor can I connect to the local network. On ASA I made this constellation a lot of times so I know it is possible.

If someone have an idea I would be glad. I think I have to NAT, but in the concentrator state it is not possible I think.

EDIT:
I went back to routed mode instead of VPN concentrator and configured a fake inside network. I plugged in both wan and lan to the same router and can now use the Internet location of the router via VPN. The downside is that I can not connect to the local network, but that’s not a problem.

VPN concentrator is a fine way to go it just sounds like you were missing the static return route from your router to the AnyConnect subnet with next hop being the MX.

Why are you putting it in the VPN concentrator mode?

Yes, it can run in concentrator mode. I have my mx64 running this way at home.

That was exactly the problem. Unfortunately the damn consumer router from the service does not support static routes.

Hi, thank you for the reply. It is a simple home network with just one subnet, and the MX has no other purpose and is not the gateway

Double NAT with port forwarding if NAT traversal fine too. I was surprised when I dived into my consumer router (an ASUS high-end freebie from T-Mobile) supported static routes and a bunch of either features (like Client VPN).

I thought the MX can not nat if it is in concentrator mode?

It can’t but you got it working with double NAT by turning routed mode back on.