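! IKEv2 remote-access VPN on R1 for AnyConnect clients: an on-box IOS CA issues
! the router's identity certificate, users are checked against the local user
! database (AnyConnect-EAP), and sessions terminate on Virtual-Template1.
!
! --- On-box certificate authority -------------------------------------------
! The IOS CA answers SCEP enrollment over the router's HTTP server, which is
! plain HTTP. Limit which hosts can reach that service where the platform
! allows it.
R1(config)#ip http server
R1(config)#crypto pki server R1CA
R1(cs-server)#issuer-name cn="R1CA"
! "grant auto" signs every enrollment request without operator review. That is
! acceptable for a closed lab; outside one, approve requests manually or turn
! auto-grant off once R1's own certificate has been issued.
R1(cs-server)#grant auto
R1(cs-server)#no shutdown
!
! --- Router identity certificate ---------------------------------------------
! NOTE(review): the domain name is NWL.LAB while the certificate subject and the
! pushed default domain use CONTOSO.COM - confirm which one is intended.
R1(config)#ip domain name NWL.LAB
R1(config)#crypto pki trustpoint R1CLIENT
R1(ca-trustpoint)#enrollment url http://192.168.1.1
! The CN is presumably the name AnyConnect clients connect to; clients also have
! to trust the R1CA root, or the gateway certificate shows up as untrusted.
R1(ca-trustpoint)#subject-name cn=R1CLIENT.CONTOSO.COM
! "authenticate" installs the CA certificate. Enrollment runs over HTTP, so the
! fingerprint check at this step is what protects against a substituted CA.
R1(config)#crypto pki authenticate R1CLIENT
R1(config)#crypto pki enroll R1CLIENT
!
! --- AAA and local user database ---------------------------------------------
R1(config)#aaa new-model
R1(config)#aaa authentication login AAA_AUTHENTICATION_LOGIN local
R1(config)#aaa authorization network AAA_AUTHORIZATION_NETWORK local
! Sample credentials. "password" keeps the value recoverable from the
! configuration, and with anyconnect-eap this password is the only client-side
! authentication factor - replace it with a strong, unique one before reuse.
R1(config)#username test password mojehaslo
!
! --- Attributes pushed to the client -----------------------------------------
R1(config)#crypto ikev2 authorization policy IKEV2_AUTHORIZATION_POLICY
R1(config-ikev2-author-policy)#pool VPN_POOL
R1(config-ikev2-author-policy)#def-domain CONTOSO.COM
! Only the host route 1.1.1.1/32 is advertised to the client, so presumably all
! other client traffic stays outside the tunnel (split tunnelling) - verify that
! this matches the intended policy.
R1(config-ikev2-author-policy)#route set remote ipv4 1.1.1.1 255.255.255.255
R1(config-ikev2-author-policy)#dns 1.1.1.1
! Six addresses, i.e. at most six concurrent clients.
R1(config)#ip local pool VPN_POOL 192.168.10.5 192.168.10.10
!
! --- IKEv2 proposal and policy -----------------------------------------------
R1(config)#crypto ikev2 proposal IKEV2_PROPOSAL
R1(config-ikev2-proposal)#encryption aes-cbc-256
R1(config-ikev2-proposal)#integrity sha256
R1(config-ikev2-proposal)#group 14
! This edits the built-in default policy, so it affects every IKEv2 negotiation
! on the router that is not matched by a more specific policy.
R1(config)#crypto ikev2 policy default
R1(config-ikev2-policy)#proposal IKEV2_PROPOSAL
!
! --- IKEv2 profile -----------------------------------------------------------
R1(config)#crypto ikev2 profile IKEV2_PROFILE
! Matches the key-id identity that AnyConnect presents by default.
R1(config-ikev2-profile)#match identity remote key-id *$AnyConnectClient$*
! The router proves itself with its certificate; users authenticate with
! username and password inside AnyConnect-EAP.
R1(config-ikev2-profile)#authentication local rsa-sig
R1(config-ikev2-profile)#authentication remote anyconnect-eap aggregate
! Fixed: the original listing referenced "R1-CLIENT" here, but the trustpoint
! created, authenticated and enrolled above is named "R1CLIENT". With the
! mismatched name the profile has no certificate to sign with.
R1(config-ikev2-profile)#pki trustpoint R1CLIENT
R1(config-ikev2-profile)#aaa authentication anyconnect-eap AAA_AUTHENTICATION_LOGIN
R1(config-ikev2-profile)#aaa authorization group anyconnect-eap list AAA_AUTHORIZATION_NETWORK IKEV2_AUTHORIZATION_POLICY
R1(config-ikev2-profile)#virtual-template 1
! NOTE(review): Cisco's AnyConnect/IKEv2 guidance also disables HTTP-URL
! certificate lookup ("no crypto ikev2 http-url cert"); that step is not shown
! in this listing - confirm whether it is needed on this release.
!
! --- IPsec ---------------------------------------------------------------------
R1(config)#crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha256-hmac
R1(cfg-crypto-trans)#mode tunnel
R1(config)#crypto ipsec profile IKEV2_PROFILE
R1(ipsec-profile)#set transform-set TRANSFORM_SET
R1(ipsec-profile)#set ikev2-profile IKEV2_PROFILE
!
! --- Tunnel template -----------------------------------------------------------
! Each client session is cloned from this template. Loopback0 is not configured
! anywhere in this listing; it has to exist with an IP address for
! "ip unnumbered" to work.
R1(config)#interface Virtual-Template1 type tunnel
R1(config-if)#ip unnumbered Loopback0
R1(config-if)#ip mtu 1400
R1(config-if)#tunnel mode ipsec ipv4
R1(config-if)#tunnel protection ipsec profile IKEV2_PROFILE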