12-05-2013 04:38 PM - edited 03-11-2019 08:13 PM
I am at my wit's end with this one and can't seem to find anything that matches my situation. So I have an ASA5505 that I am trying to get the ASDM running on. I have done this before on other firewalls with no issue. Every time I go to the URL https://192.168.1.1 I get the prompt to accept the certificate, which I do, then it just goes blank and the page freezes. If I try to launch it straight from the ASDM launcher it also just freezes. I have double checked my SSL encryption and made sure it has rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1. I am using the asdm-714.bin image and have tried getting it to run on the ASA 8.2.5, 8.4.7 and 9.1.3 code and get the same results with each version of code I put on this device. I have also tried multiple computers, and both computers connect to my other firewalls just fine via URL to launch ASDM or the ASDM launcher, so I know it isn't a Java issue with them. Is there something I am missing? I have tried accessing the URL using Safari, Firefox, Chrome and IE, all with the same results: accept the cert and it just hangs there and never displays the ASDM launch page. Please help!
12-06-2013 12:50 PM
Hello Brett,
Ok, 3 more messages and I will be done haha,
no webvpn
or try https://ip_inside/admin
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-06-2013 12:56 PM
No Luck.
I did "no webvpn"
then "no http server enable" then "http server enable" just for kicks to restart it.
I still get the exact same results
12-06-2013 01:04 PM
I am not the biggest Wireshark guru, but here is what the capture shows from the client side when I try to connect to it.
I am now trying it from a different PC, so the client address changed to 192.168.101, still directly connected to the ASA.
12-06-2013 01:14 PM
Hello,
Okay, 2 more left haha.
So https://ip_inside/admin did not do it.
The capture shows the inside client sending a FIN packet for the closure of the session. Then the ASA replies to that.
Do:
crypto key generate rsa label sslvpnkeypair
crypto ca trustpoint localtrust
enrollment self
keypair sslvpnkeypair
exit
crypto ca enroll localtrust noconfirm
ssl trust-point localtrust inside
Then try to connect again.
By the way, what do the ASA logs say when you attempt to connect?
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-06-2013 01:28 PM
I was hopeful on that one, but the same results still exist.
ciscoasa# show logging asdm
5|Dec 05 2013 07:23:42|111008: User 'enable_15' executed the 'logging asdm informational' command.
5|Dec 05 2013 07:23:43|111008: User 'enable_15' executed the 'logging device-id hostname' command.
5|Dec 05 2013 07:23:46|111005: console end configuration: OK
6|Dec 05 2013 07:23:50|110002: Failed to locate egress interface for UDP from inside:192.168.1.101/60961 to 10.30.15.25/161
6|Dec 05 2013 07:24:02|110002: Failed to locate egress interface for UDP from inside:192.168.1.101/60961 to 10.30.15.25/161
6|Dec 05 2013 07:24:14|110002: Failed to locate egress interface for UDP from inside:192.168.1.101/60962 to 10.30.15.25/161
6|Dec 05 2013 07:24:26|110002: Failed to locate egress interface for UDP from inside:192.168.1.101/60962 to 10.30.15.25/161
6|Dec 05 2013 07:25:02|302010: 1 in use, 5 most used
12-06-2013 01:30 PM
FYI, these are my logging settings:
ciscoasa# show run log
logging enable
logging timestamp
logging console warnings
logging buffered warnings
logging trap warnings
logging asdm informational
logging device-id hostname
12-06-2013 01:41 PM
It does not make any sense why the PC is sending a FIN packet.
You told me you did not capture anything on the ASA, right?
show cap capin shows nothing?
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-06-2013 01:46 PM
This might be helpful; I just got an error when I tried to connect:
Dec 05 2013 07:43:17 ciscoasa : %ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Invalid Scatter/Gather Write Length, code= 0xD) while executing the command SSL Process Handshake Record (0x208D).
12-06-2013 01:47 PM
ciscoasa# show capture capin
34 packets captured
1: 07:43:09.000854 802.1Q vlan#10 P0 192.168.1.101.50024 > 192.168.1.1.443: R 4072447170:4072447170(0) ack 238030498 win 0
2: 07:43:16.537371 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: S 4130703030:4130703030(0) win 65535
3: 07:43:16.537478 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: S 2002311585:2002311585(0) ack 4130703031 win 8192
4: 07:43:16.537783 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: . ack 2002311586 win 65535
5: 07:43:16.539660 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: P 4130703031:4130703173(142) ack 2002311586 win 65535
6: 07:43:16.539721 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: . ack 4130703173 win 32768
7: 07:43:16.540285 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: P 2002311586:2002312146(560) ack 4130703173 win 32768
8: 07:43:16.541231 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: . ack 2002312146 win 65535
9: 07:43:16.572541 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: F 4130703173:4130703173(0) ack 2002312146 win 65535
10: 07:43:16.572586 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: . ack 4130703174 win 32768
11: 07:43:16.572693 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: FP 2002312146:2002312146(0) ack 4130703174 win 32768
12: 07:43:16.573166 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: . ack 2002312147 win 65535
13: 07:43:17.907378 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: S 4049108725:4049108725(0) win 65535
14: 07:43:17.907469 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50051: S 65111902:65111902(0) ack 4049108726 win 8192
15: 07:43:17.907713 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: . ack 65111903 win 65535
16: 07:43:17.908171 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: P 4049108726:4049108868(142) ack 65111903 win 65535
17: 07:43:17.908247 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50051: . ack 4049108868 win 32768
18: 07:43:17.908796 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50051: P 65111903:65112463(560) ack 4049108868 win 32768
19: 07:43:17.909559 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: . ack 65112463 win 65535
20: 07:43:17.911528 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: F 4049108868:4049108868(0) ack 65112463 win 65535
21: 07:43:17.911573 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50051: . ack 4049108869 win 32768
22: 07:43:17.911680 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50051: FP 65112463:65112463(0) ack 4049108869 win 32768
23: 07:43:17.912443 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: S 820839175:820839175(0) win 65535
24: 07:43:17.912519 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: S 633784619:633784619(0) ack 820839176 win 8192
25: 07:43:17.912550 802.1Q vlan#10 P0 192.168.1.101.50051 > 192.168.1.1.443: . ack 65112464 win 65535
26: 07:43:17.913542 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: . ack 633784620 win 65535
27: 07:43:17.913984 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: P 820839176:820839318(142) ack 633784620 win 65535
28: 07:43:17.914045 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: . ack 820839318 win 32768
29: 07:43:17.914595 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: P 633784620:633785180(560) ack 820839318 win 32768
30: 07:43:17.915602 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: . ack 633785180 win 65535
31: 07:43:17.917860 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: P 820839318:820839516(198) ack 633785180 win 65535
32: 07:43:17.917906 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: . ack 820839516 win 32768
33: 07:44:19.913923 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: . ack 820839515 win 32768
34: 07:44:19.914274 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: . ack 633785180 win 65535
34 packets shown
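An added example, not part of the thread: a small Python script that parses ASA `show capture` text like the output above into per-connection flows and reports how many payload bytes went each way and who sent the first FIN/RST. It makes the pattern in connections 50050 and 50051 explicit: the client sends 142 bytes (its ClientHello), the ASA answers with 560 bytes (its first TLS flight), and the client then closes. It assumes the 802.1Q-tagged line format shown above and TCP/443 as the server port; the sample lines are copied and abridged from the capture in this thread.

```python
import re
from collections import defaultdict
# Constructed sample: lines copied (abridged) from the thread's 'show capture capin' output.
SAMPLE_CAPTURE = """\
2: 07:43:16.537371 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: S 4130703030:4130703030(0) win 65535
5: 07:43:16.539660 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: P 4130703031:4130703173(142) ack 2002311586 win 65535
7: 07:43:16.540285 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: P 2002311586:2002312146(560) ack 4130703173 win 32768
9: 07:43:16.572541 802.1Q vlan#10 P0 192.168.1.101.50050 > 192.168.1.1.443: F 4130703173:4130703173(0) ack 2002312146 win 65535
11: 07:43:16.572693 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50050: FP 2002312146:2002312146(0) ack 4130703174 win 32768
27: 07:43:17.913984 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: P 820839176:820839318(142) ack 633784620 win 65535
29: 07:43:17.914595 802.1Q vlan#10 P0 192.168.1.1.443 > 192.168.1.101.50052: P 633784620:633785180(560) ack 820839318 win 32768
31: 07:43:17.917860 802.1Q vlan#10 P0 192.168.1.101.50052 > 192.168.1.1.443: P 820839318:820839516(198) ack 633785180 win 65535
"""

# One 'show capture' line: "N: time [802.1Q vlan#V PX] src.sport > dst.dport: FLAGS [seq:seq(len)] ..."
LINE_RE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?:802\.1Q vlan#\d+ P\d+\s+)?"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+)(?: \d+:\d+\((?P<len>\d+)\))?"
)

def parse_capture(text, server_port=443):
    """Flows keyed by (client_ip, client_port): payload bytes per direction plus ordered S/F/R events."""
    flows = defaultdict(lambda: {"c2s": 0, "s2c": 0, "events": []})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if int(m["dport"]) == server_port:
            key, direction = (m["src"], int(m["sport"])), "c2s"
        elif int(m["sport"]) == server_port:
            key, direction = (m["dst"], int(m["dport"])), "s2c"
        else:
            continue
        flows[key][direction] += int(m["len"] or 0)
        flows[key]["events"].extend((direction, f) for f in m["flags"] if f in "SFR")
    return flows

def diagnose(flow):
    """Who sent the first FIN/RST, and had the server already sent data (its first TLS flight)?"""
    closer = next((d for d, f in flow["events"] if f in "FR"), None)
    if closer is None:
        return "open"
    if closer == "c2s":
        return "client-closed-after-server-flight" if flow["s2c"] else "client-closed-before-data"
    return "server-closed"

if __name__ == "__main__":
    for (ip, port), flow in parse_capture(SAMPLE_CAPTURE).items():
        print(f"{ip}:{port} c2s={flow['c2s']} s2c={flow['s2c']} -> {diagnose(flow)}")
```

A client that closes right after the server's first flight points at a failed TLS handshake rather than a reachability or routing problem, which is why the ASA-side crypto log message matters here.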
12-06-2013 02:09 PM
That's it.
No config issue.
Possible bugs:
A. In order to resolve this issue, try one of these workarounds:
Disable the DTLS on ASA interfaces on which it is enabled.
In order to complete this solution, go to the Anyconnect profile on the ASDM, and remove the tick beside the interface working for the Anyconnect. For more information, refer to Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections.
Reload the ASA.
This problem arises due to an error in the hardware accelerator of the ASA. There are two bugs filed regarding this behavior. For more information, refer to CSCsd43563 (registered customers only) and CSCsc64621 (registered customers only).
But contacting TAC would be the best.
As I do not work with them anymore I will not be able to access the database for this error.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-07-2013 11:31 AM
Have you considered that the ASDM image might be corrupted? Try downloading a new image of asdm-714.bin.
If that doesn't work, try downloading an earlier version of ASDM and connect using that. If that works, then you are most likely running into a bug.
--
Please remember to rate and select a correct answer
12-07-2013 11:38 AM
From customer:
"Also I have tried power cycling the ASA, using a different ASDM image file, the image file "asdm-714.bin""
So it's a bug. I mean, we clearly see the problem with the SSL Crypto Hardware Accelerator.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
12-07-2013 05:27 PM
Thank you for all your help diagnosing this, I thought I was going insane.
12-07-2013 08:40 PM
Hello bud,
Any time.
Just remember to rate all of the posts you think have been helpful ;)
Regards
Sent from Cisco Technical Support Android App