05-14-2014 09:34 AM - edited 03-11-2019 09:12 PM
Folks,
I have an ASA 5540 running 8.4(6) which I use for SSL VPN to its outside interface.
The appliance has started dropping existing VPN sessions and refusing new connections.
When I try to telnet to its outside interface, it's not listening on TCP 443.
If I uncheck "Enable AnyConnect client" on the external interface, apply, then check it again and apply, the appliance starts listening again and VPNs reconnect.
Has anyone seen this before, or can you suggest some troubleshooting?
When I run any webvpn or crypto ca debugs there are no logs, but I suppose this is because the interface is not listening on 443 to accept incoming requests.
Thanks to anyone taking the time to respond.
05-14-2014 02:34 PM
show vpn-session detail and show version please
05-15-2014 01:56 AM
jumora
I don't have any live VPN sessions at the moment, so here's the show version:
Cisco Adaptive Security Appliance Software Version 8.4(6)
Device Manager Version 6.4(7)
Compiled on Fri 26-Apr-13 09:00 by builders
System image file is "disk0:/asa846-k8.bin"
Config file at boot was "startup-config"
kappelhoff up 1 day 19 hours
Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Ext: GigabitEthernet0/0 : address is 001e.4a4c.32be, irq 9
1: Ext: GigabitEthernet0/1 : address is 001e.4a4c.32bf, irq 9
2: Ext: GigabitEthernet0/2 : address is 001e.4a4c.32c0, irq 9
3: Ext: GigabitEthernet0/3 : address is 001e.4a4c.32c1, irq 9
4: Ext: Management0/0 : address is 001e.4a4c.32c2, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 50 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5540 VPN Premium license.
Serial Number: XXXXXXXXXXX
Running Permanent Activation Key:
Configuration register is 0x1
Configuration last modified by xxxxxxxx at 20:57:41.619 bst Wed May 14 2014
05-16-2014 10:40 AM
show run webvpn
05-16-2014 05:49 PM
show asp table socket
05-19-2014 03:04 AM
jumora
I resolved my issue.
The problem lay with a duplicate IP.
Someone had issued my ASA outside address to another application and this was causing intermittent issues with the ARP table.
Thanks for your help.
Greatly appreciated.
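One way to spot the duplicate-IP condition described in the post above, as an added example that is not part of the original thread: poll an upstream device's ARP table and flag any IP whose MAC keeps changing. The input format (time, IP, MAC per line), the function names and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one "time ip mac" row per poll of an upstream ARP table.
# IPs are from the documentation range; MACs are placeholder values.
SAMPLE_POLLS = """\
09:00:00 203.0.113.10 0000.5e00.5301
09:00:00 203.0.113.1  0000.5e00.53aa
09:00:00 203.0.113.20 0000.5e00.5320
09:01:00 203.0.113.10 0000.5e00.53ff
09:01:00 203.0.113.1  0000.5e00.53aa
09:01:00 203.0.113.20 0000.5e00.5321
09:02:00 203.0.113.10 0000.5e00.5301
09:02:00 203.0.113.20 0000.5e00.5321
09:03:00 203.0.113.10 0000.5e00.5301
09:04:00 203.0.113.10 0000.5e00.53FF
"""


def parse_polls(text):
    """Yield (timestamp, ip, mac) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            ts, ip, mac = parts
            yield ts, ip, mac.lower()  # normalise case before comparing


def find_arp_conflicts(rows, min_flaps=2):
    """Return {ip: {"macs": set, "flaps": int}} for IPs with unstable MACs.

    Rows must be in time order. A single MAC change can be a legitimate
    failover or hardware swap, so by default only IPs whose MAC changed
    at least twice are reported.
    """
    history = defaultdict(list)  # ip -> sequence of distinct consecutive MACs
    for _ts, ip, mac in rows:
        if not history[ip] or history[ip][-1] != mac:
            history[ip].append(mac)
    conflicts = {}
    for ip, macs in history.items():
        flaps = len(macs) - 1  # number of MAC transitions observed
        if flaps >= min_flaps:
            conflicts[ip] = {"macs": set(macs), "flaps": flaps}
    return conflicts


if __name__ == "__main__":
    for ip, info in find_arp_conflicts(parse_polls(SAMPLE_POLLS)).items():
        print(f"{ip}: {info['flaps']} MAC changes among {sorted(info['macs'])}")
```
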
05-19-2014 05:13 AM
Thanks for letting us know! +5 for contributing the correct answer. :)
05-19-2014 07:29 AM
No problem, Marvin.
Suppose every solution helps make folks think a bit more!
05-19-2014 10:14 AM
I did not see that you had already resolved the ticket. Well then, let's mark this ticket as answered.