10-08-2012 12:01 PM - edited 03-11-2019 05:06 PM
We recently replaced our Cisco 5510 with a 5520. I had the SSL Client VPN working on the 5510, I cannot get it working on the 5520. The IOS version is 8.2(5) and the ASDM version is 6.4.
I run through the SSL Client wizard and get everything set up. When I try to get to my outside interface Internet Explorer just comes up with an error. When I try to connect through the Cisco AnyConnect client on my Android it used to come up with a "No address available for SVC connection". After deleting an address pool not even related to my SSL VPN profile I cannot get that far. I just get a "login failed". Even after I create a user with level 15 privilege and assign to my vpn group policy.
I still get the "No address available for SVC connection" when I try to connect to the default profile, which doesn't really go anywhere.
Attached is a sanitized version of my config. Any help is appreciated.
10-08-2012 12:28 PM
Hi Adam,
I do not see any SSL profile:
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
!
tunnel-group VPN5 type remote-access
tunnel-group VPN5 general-attributes
address-pool VPN5Pool
default-group-policy VPN5GrpPolicy
dhcp-server 11.2.1.38
Which profile do you need to set up for AnyConnect?
The AnyConnect client seems to be properly enabled.
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-3.1.00495-k9.pkg 1
svc enable
Thanks.
Portu.
Message was edited by: Javier Portuguez
10-08-2012 12:43 PM
VPN5 needs to be set up. What needs to be configured?
10-08-2012 12:41 PM
Running through the debug logs of AnyConnect on the droid I see lines like "
Line: 934 No profile available for host
10-08-2012 01:32 PM
Adam,
Please do the following:
webvpn
tunnel-group-list enable
!
tunnel-group VPN5 webvpn-attributes
group-alias vpn5 enable
!
When you try to connect, you should see a dropdown menu with the "vpn5" name.
Let me know.
Thanks.
10-09-2012 10:11 AM
Javier, I added these lines. I still cannot get to the outside interface web page. Also now when I try to get in through my Android AnyConnect comes back with "could not connect to the server" instead of a "login invalid" error.
10-09-2012 10:17 AM
Going over the AnyConnect logs in Android I'm still getting a "no profile host available for
10-09-2012 10:49 AM
Googled around more, results still mostly show people working Linux, CentOS, etc. A few of those people talk about problems with a proxy setting which I don't believe I have. Others just needed to update the client and I'm at the latest version.
Any help is appreciated. I normally don't use the wizard as I'm a fan of the command line but for a task like setting up a VPN connection I thought this would be easier, it worked fairly smoothly last time. This time...not so much. Currently researching how to manually program the VPN in...
10-09-2012 12:56 PM
I would try to re create a selfsigned certificate and re-enable ssl on the outside. You should at least get the home sslvpn web page. Can you attach th txt and not a zip so I can take a look from my iphone
Sent from Cisco Technical Support iPhone App
10-09-2012 12:58 PM
I attached the file as .txt, the forum page zips the file up. I see no way of turning off this option.
I can try to recreate a self signed certificate, I don't exactly know what you mean by re-enabling ssl.
Thanks for your response.
10-09-2012 12:59 PM
I see the txt again :S
Sent from Cisco Technical Support iPhone App
10-09-2012 12:59 PM
I meant zip. I see the zip
Sent from Cisco Technical Support iPhone App
10-09-2012 01:02 PM
See above comment. Reading up on how to generate a certficate.
10-09-2012 01:08 PM
Under webvpn
Enable outside
That is how you enable it.
Here are the steps to config the vpn
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Sent from Cisco Technical Support iPhone App
10-09-2012 01:33 PM
After watching a few youtube videos on the SSL AnyConnect VPN it doesn't look like I've done anything wrong or unusual.
I've added a self-signed certificate, I still don't get anything when I go to my outside interface IP, when I try to log in through my android I get a drop down for VPN5, select it, try to enter either of my users set up for VPN5, logins fail. I enter a username set up for the defaultgrppolicy and it connects me right in eventhough that policy doesn't contain any VPN5 references.
Somehow the default VPN group is blocking or confusing the device, stopping it from using my VPN5 group.
Confused to say the least.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide