I can only Connect to the VPN but cannot ping anything . Here is the complete Config. I want to set up a easy VPN for Training . I have set now a acl in the crypto group but not working. 

version 15.3

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

aqm-register-fnf

!

no logging console

!

aaa new-model

!

!

aaa authentication login VPN1 local

aaa authorization network VPN2 local 

!

!

!

!

!

aaa session-id common

service-module wlan-ap 0 bootimage autonomous

!

!

!

!

!

!

!

ip dhcp excluded-address 192.168.51.1 192.168.51.10

ip dhcp excluded-address 192.168.51.100 192.168.51.254

!

ip dhcp pool LAN

 network 192.168.51.0 255.255.255.0

 default-router 192.168.51.1 

 dns-server 192.168.51.1 

!

!

!

ip inspect name FW tcp router-traffic

ip inspect name FW udp router-traffic

ip inspect name FW icmp router-traffic

ip inspect name FW ftp

ip cef

no ipv6 cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

license udi pid C891FW-E-K9 sn xxxxxxxxxxxxx

!

!

username user secret 5 $1$mAfgfgfgfdgfdggfk4V0bDmw.

!

!

!

!

!

! 

!

crypto isakmp policy 10

 encr 3des

 hash md5

 authentication pre-share

 group 2

!

crypto isakmp client configuration group cisco

 key Key123

 pool VPNPOOL

 acl 120

!

!

crypto ipsec transform-set set1 esp-3des esp-md5-hmac 

 mode tunnel

!

!

!

crypto dynamic-map map1 10

 set transform-set set1 

!

!

crypto map map1 client authentication list VPN1

crypto map map1 isakmp authorization list VPN2

crypto map map1 client configuration address respond

crypto map map1 10 ipsec-isakmp dynamic map1 

!

!

!

!

!

!

interface BRI0

 no ip address

 encapsulation hdlc

 shutdown

 isdn termination multidrop

!

interface FastEthernet0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface GigabitEthernet0

 no ip address

!

interface GigabitEthernet1

 no ip address

!

interface GigabitEthernet2

 no ip address

!

interface GigabitEthernet3

 no ip address

!

interface GigabitEthernet4

 no ip address

!

interface GigabitEthernet5

 no ip address

!

interface GigabitEthernet6

 no ip address

!

interface GigabitEthernet7

 no ip address

!

interface GigabitEthernet8

 ip address dhcp

 ip access-group OUTSIDE-IN in

 ip inspect FW out

 duplex auto

 speed auto

 crypto map map1

!

interface Wlan-GigabitEthernet8

 no ip address

!

interface wlan-ap0

 description Embedded Service module interface to manage the embedded AP

 no ip address

!         

interface Vlan1

 ip address 192.168.51.1 255.255.255.0

!

interface Vlan10

 ip address 192.168.52.1 255.255.255.0

!

interface Async3

 no ip address

 encapsulation slip

!

ip local pool VPNPOOL 192.168.52.100 192.168.52.150

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip route 0.0.0.0 0.0.0.0 192.168.50.1

ip route 0.0.0.0 0.0.0.0 GigabitEthernet8

!

ip access-list extended INSIDE-OUT

 permit ip any any

ip access-list extended OUTSIDE-IN

 permit udp any any eq isakmp non500-isakmp

 deny   ip any any

!

!

access-list 120 permit ip 192.168.51.0 0.0.0.255 192.168.52.0 0.0.0.255

!

!

!

control-plane

!

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!         

!

!

!

!

line con 0

 no modem enable

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport input all

 stopbits 1

line 3

 modem InOut

 speed 115200

 flowcontrol hardware

line vty 0 4

 transport input all

!

scheduler allocate 20000 1000

!

end

Wow thank you - now it works ;o))

Is it possible to connect with a any Connect Client to this kind of VPN ??

In general yes, but not with that config. And you need to license the AnyConnect client.

Ok thank you for your Help

How i can get information about the any Connect Licence ?? 

AnyConnect Ordering Guide

AnyConnect Licensing Frequently Asked Questions (FAQ)

Here is a guide for configuring the router for AnyConnect. A little bit older, but should still work:

AnyConnect: Configure Basic SSLVPN for IOS Router Headend With the Use of CLI

Perfect thank you. I have orderd a FL-WEBVPN-10-K9 pack for my C891F Router. I have also a C891FW for testing. Is it possible to activate a Demo WebVPN licence on the Test Router for Testing it first ??

Not sure how you ordered that, as this license is EOS. And if you could buy it, I expect that it won't give you any download-rights on the AnyConnect software. As pointed out in the ordering guide and FAQ, you need the AnyConnect PLUS-License.

I have bought it at a dealer by EBay. I got the Licence but there is no PAK code included. Only a Letter . "This Letter serves as a feature license that entitles you to activate WebVPN in one Cisco IOS Device...."How i can activate now the licence in my Router ??

Ok it was a RTU (right to use)license. The dealer give me now a FL-SSLVPN10-K9 which it was a license with a PAK code. I hope i can activate it. It is also EOL but i need it only for Privat Training. Licensing is very complicated witch Cisco ;o))