asa stops listening on port 443 for ssl vpn requests

mulhollandm
Level 1

folks

i have an asa 5540 running 8.4 (6) which i use for ssl vpn to its outside interface

the appliance has started dropping existing vpn sessions and refusing new connections

when i try to telnet to its outside interface it's not listening on tcp 443

if i uncheck the enable anyconnect client on the external interface, apply then check it again and apply the appliance starts listening again and vpns reconnect

has anyone seen this before or can you suggest some troubleshooting?

when i run any webvpn or crypto ca debugs there are no logs but i suppose this is because the interface is not listening on 443 to accept incoming requests

thanks to anyone taking the time to respond

jumora
Level 7

show vpn-session detail and show version please

Value our effort and rate the assistance!

jumora

i don't have any live vpn sessions at the moment so here's the show version

Cisco Adaptive Security Appliance Software Version 8.4(6)
Device Manager Version 6.4(7)

Compiled on Fri 26-Apr-13 09:00 by builders
System image file is "disk0:/asa846-k8.bin"
Config file at boot was "startup-config"

kappelhoff up 1 day 19 hours

Hardware:   ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1

 0: Ext: GigabitEthernet0/0  : address is 001e.4a4c.32be, irq 9
 1: Ext: GigabitEthernet0/1  : address is 001e.4a4c.32bf, irq 9
 2: Ext: GigabitEthernet0/2  : address is 001e.4a4c.32c0, irq 9
 3: Ext: GigabitEthernet0/3  : address is 001e.4a4c.32c1, irq 9
 4: Ext: Management0/0       : address is 001e.4a4c.32c2, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5
             
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 50             perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: XXXXXXXXXXX
Running Permanent Activation Key:

Configuration register is 0x1
Configuration last modified by  xxxxxxxx at 20:57:41.619 bst Wed May 14 2014

 

show run webvpn

Value our effort and rate the assistance!

show asp table socket

Value our effort and rate the assistance!

mulhollandm
Level 1

jumora

i resolved my issue

the problem lay with a duplicate ip

someone had issued my asa outside address to another application and this was causing intermittent issues with the arp table

thanks for your help

greatly appreciated

Thanks for letting us know! +5 for contributing the correct answer. :)

 

no problem marvin

suppose every solution helps make folks think a bit more!

 

I did not see that you had already resolved the ticket. Well then, let's mark this ticket as answered.

Value our effort and rate the assistance!
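
Added example, not part of any post in this thread: a duplicate IP like the one found here shows up on an adjacent router as the same address flipping between two MACs, so this Python sketch scans timestamped `show ip arp` lines and reports any IP seen with more than one MAC. The sample lines, the 203.0.113.x addresses, the second MAC and the timestamp prefix are constructed; treating 001e.4a4c.32be (GigabitEthernet0/0 in the show version above) as the outside interface MAC is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: timestamped "show ip arp" lines collected from an
# upstream IOS router. All addresses except the ASA MAC are made up.
SAMPLE = """\
10:00:01 Internet  203.0.113.10   2   001e.4a4c.32be  ARPA  GigabitEthernet0/1
10:00:01 Internet  203.0.113.1    -   0011.2233.4455  ARPA  GigabitEthernet0/1
10:05:01 Internet  203.0.113.10   0   0050.56aa.bb01  ARPA  GigabitEthernet0/1
10:10:01 Internet  203.0.113.10   1   001e.4a4c.32be  ARPA  GigabitEthernet0/1
10:15:01 Internet  203.0.113.10   0   0050.56aa.bb01  ARPA  GigabitEthernet0/1
10:15:01 Internet  203.0.113.20   5   Incomplete      ARPA
"""

ARP_LINE = re.compile(
    r"^(?P<ts>\S+)\s+Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s", re.I)

def parse(text):
    """Yield (timestamp, ip, mac) for resolved entries; Incomplete is skipped."""
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def find_conflicts(text, expected=None):
    """Report IPs seen with more than one MAC, or with a MAC other than
    the one listed for that IP in expected ({ip: mac})."""
    expected = expected or {}
    history = defaultdict(list)
    for _ts, ip, mac in parse(text):
        history[ip].append(mac)
    report = {}
    for ip, macs in history.items():
        seen = sorted(set(macs))
        rogue = [m for m in seen if ip in expected and m != expected[ip]]
        if len(seen) > 1 or rogue:
            # A flap is a change of MAC between consecutive observations.
            flaps = sum(1 for a, b in zip(macs, macs[1:]) if a != b)
            report[ip] = {"macs": seen, "flaps": flaps, "rogue": rogue}
    return report

if __name__ == "__main__":
    asa = {"203.0.113.10": "001e.4a4c.32be"}  # assumed outside IP and MAC
    for ip, info in find_conflicts(SAMPLE, asa).items():
        print(ip, info)
```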