Cisco ASA 5520 SSL client VPN errors

Adam Hudson
Level 1

We recently replaced our Cisco 5510 with a 5520. I had the SSL Client VPN working on the 5510, I cannot get it working on the 5520. The IOS version is 8.2(5) and the ASDM version is 6.4.

I run through the SSL Client wizard and get everything set up. When I try to get to my outside interface Internet Explorer just comes up with an error. When I try to connect through the Cisco AnyConnect client on my Android it used to come up with a "No address available for SVC connection". After deleting an address pool not even related to my SSL VPN profile I cannot get that far. I just get a "login failed". Even after I create a user with level 15 privilege and assign to my vpn group policy.

I still get the "No address available for SVC connection" when I try to connect to the default profile, which doesn't really go anywhere.

Attached is a sanitized version of my config. Any help is appreciated.

23 Replies

When I try "enable outside" my ASA tells me they're already enabled.

Stranger and stranger, I un-enabled the default webvpn group. Outside interface page still won't come up. On Android, neither of my VPN5 users can log in. When I try to use the default webvpn log in it tells me anyconnect isn't enabled on the server, which I expected because I just un-enabled it. But why is VPN5 still not working? And for that matter, the web page?

I had some sort of group lock option on. I turned that off and I can log in via Android. I can't get to any corporate sites or internet sites, but I can log in using the VPN5 vpn. I thought this was a split tunneling issue and turned that off. This did not help, I still cannot get to the internet or to internal sites while logged into the VPN.

Also, still can't get into the outside interface page.

Additionally, I took out my entries for DNS and WINS servers thinking this might be the issue, changed it to inherited, this brings up an error that "dns cannot be blank" when I try to edit the connection profile. Added the DNS and WINS server addresses back in. No change.

I added a NAT exemption and re-added split tunneling. That's working, as far as I've tested, I can vpn into my network via android, ping local networks and ping the internet. Traceroute shows split tunneling is working. Android, overall, seems to be working.

HOWEVER, I still cannot get the outside interface website to show up. Not on its own, not with VPN5, vpn5, or admin after. This is the last part, any help is appreciated.

More strangeness, I can ping the outside interface external ip address from my firewall, which I've read is a good indicator the web page should be working. But it's not. Any ideas?

Followed the below thread:

https://supportforums.cisco.com/thread/2138580

When I ran the "show asp table socket" command, SSL was being listened for on that outside interface. I ran the "no http server enable" and got into webvpn to run the "no outside enable" then "outside enable" to refresh it. Checked the socket table, it was still listening. Web page still isn't working.

EDIT: Running "no http server enable" kills your ability to get into the ASDM, do NOT run that command.

Hello Adam,

Can you post the updated show running-config so I can analyze it?

Regards

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Ok, things are progressing, but I still have some issues I'd like help with. Here's the situation: I can connect in via Android AnyConnect and iPhone AnyConnect, and they can get around in the internal network. Coming from the outside of my network, I can get to the external address of my outside interface and the login page comes up to install the client.

Issues:

1) I still cannot access my outside interface from my internal network, at least to the point where it lets me bring up the webpage, log in, and install the client. This seems like it should be easy to set up, but it has eluded me so far.

2) I can install the client on my Windows 7 x86 machine, but when I try to connect I'm getting 2 windows that pop up talking about security warnings and certificates. The second window requires me to actually get into the settings of the client and allow the client to connect to an "untrusted server". I have a self-signed certificate created by the ASA; I'm assuming/hoping there is a way I can import that cert into any machine that wants to connect and avoid seeing those error messages.

3) After working with the AnyConnect client I noticed the lack of an option to save/remember a password. I'm looking for an alternative client that allows this and works with SSL; anyone have recommendations? Ideally I'd like one client for both Android and iPhone.

Thanks.
