Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
0
Helpful
5
Replies

Cisco ASA 5510 8.2 Clientless VPN Error !!

Neji Jihed
Level 1
Level 1

‎11-21-2013 08:51 AM - edited ‎03-11-2019 08:08 PM

Hello !!

I  m posting this subject seeking support, well i have been trying to set  up a clientless vpn connection on my ASA 5510, but every time i apply  the configuration and try it, it's not working and i can't figure out  the reason , i have been using GNS3 for a 5520 ASA and i could set up  the Clientless VPN but on the live production FW which is a 5510 i  always get an error page saying the requested url was not found, in  addition that when typing the URL i get redirected to other sub folder,  for exemple when going to https://X.X.X.X/webpn i will go under https://X.X.X.X/admin/webvpn,

I  m using ASDM to set up the config but in this case i will print the  command brief for the config i have done using ASDM alose but i want to  mention that i didn't check the outside interface for this time to allow  connection profile coming from the outside, i usually do this but i  maybe forgot this time, any way it didn't work for me in both cases,

I  want to mention one last thing before the config, i changed the https  acces port from 443 to 60443 for security but i also tried accessing  https:/:X.X.X.X:60443/webvpn with the same error page

      username jneji password 39oh91mbAyDw0FqP encrypted privilege 2

      username jneji attributes

        service-type remote-access

        group-lock value WebVPN-Connection-Profile

        webvpn

          hidden-shares none

          file-entry enable

          file-browsing enable

          url-entry enable

      username jneji attributes

        vpn-group-policy WebVPNPolicy

      group-policy WebVPNPolicy internal

      group-policy WebVPNPolicy attributes

        vpn-access-hours none

        vpn-simultaneous-logins 3

        vpn-tunnel-protocol webvpn

        banner none

        banner value Hello World !!

      tunnel-group WebVPN-Connection-Profile type remote-access

      tunnel-group WebVPN-Connection-Profile general-attributes

        default-group-policy WebVPNPolicy

      tunnel-group WebVPN-Connection-Profile webvpn-attributes

        group-alias WebVPN enable

        group-url https://X.X.X.X/webvpn enable

I did ceated the group policy first, the connection profile and finaly the user and linked them all together,

feel free to ask any question

Thanks in advance.

Cordially

Labels:
0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎11-24-2013 09:13 AM

You do not have the following configuration in your output...add this and test again.

webvpn

  enable outside

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎11-24-2013 09:15 AM

where outside is the name of the interface that you want the VPN to terminate on.

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Neji Jihed
Level 1
Level 1
In response to Marius Gunnerud

‎11-24-2013 04:53 PM

Hello

I have adjusted the config as you suggested

      webvpn

        enable outside

      username JNEJI password XXkekkYMLpfun3!9ujxtYWy4RS4PzH9eZgf encrypted privilege 2

      username JNEJI attributes

        service-type remote-access

        group-lock value WebVPN-Connection-Profile

        vpn-group-policy WebVPN-Policy

      group-policy WebVPN-Policy internal

      group-policy WebVPN-Policy attributes

        vpn-access-hours none

        vpn-simultaneous-logins 3

        vpn-tunnel-protocol webvpn

        webvpn

          hidden-shares none

          file-entry enable

          file-browsing enable

          url-entry enable

      group-policy WebVPN-Policy attributes

        banner none

        banner value THIS IS A PRIVATE NETWORK SYSTEM !!!

      tunnel-group WebVPN-Connection-Profile type remote-access

      tunnel-group WebVPN-Connection-Profile general-attributes

        default-group-policy WebVPN-Policy

      tunnel-group WebVPN-Connection-Profile webvpn-attributes

        group-alias WebVPN enable

        group-url https://X.X.X.X/webvpn enable

But its not working,

BTW i have found a static nat rule saying to rediredt all traffic comming on HTTPS port to an old web server IP and i deleted it, but still dont work

Here the image of the error attached

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Neji Jihed

‎11-24-2013 11:48 PM

Do you get to the login screen or do you get the 404 error right away?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎11-24-2013 11:55 PM

I think this is your issue

group-url https://X.X.X.X/webvpn enable

You have specified a group-policy that is not configured.  Change it to the following and test.

group-url https://X.X.X.X/WebVPN-Policy enable

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card