Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

AnyConnect Client is not enabled on the VPN server error

Level 1
Level 1

We are trying to establish the ability to login remotely to our network via ASA5540, which has been running and working fine without remote user access, with site to site VPNs working just fine.

So, I followed the guidelines in cisco documentation for setting up for ASA 8.x: VPN Access with the AnyConnect VPN Client using self-signed certificate configuration example (

, and I will warn you, this is my first time trying to do this through the CLI.  I've used ASDM in the past with great success to do this.

I have the client loaded on a laptop remotely, and when I test logging in, using only local authentication, I receive the error on the client that 'Any Connect is not enabled on the VPN server" and login fails.  On the ASA, a debug shows the following relevant result section:




WebVPN session created!



Not calling vpn_remove_uauth: not IPv4!

webvpn_svc_np_tear_down: no ACL

webvpn_svc_np_tear_down: no IPv6 ACL

webvpn_remove_auth_handle: auth_handle = 113





webvpn_free_auth_struct: net_handle = 761209F0

webvpn_allocate_auth_struct: net_handle = 761209F0

webvpn_free_auth_struct: net_handle = 761209F0

This leads me to believe I have an issue with DHCP and assigning an address, but when I setup DHCP on the ASA, though it uses no address space used by my internal network nor by and site-to-site VPN, the site-to-site tunnels drop. 

I know you are all going to ask for the config right away, but I'd like to hear what you think I might have wrong, before posting the relevant parts... something is obviously missing, but when working with Cisco TAC and their suggestions, everything we did broke the site-to-site tunnel... or if you could point me towards any relevant documentation that makes the CLI version of the config pretty straightforward... later we do want to use our RADIUS authentication on this, but I'd like to just get one basic account working for now... 

Through Cisco TAC assistance, have the initial configuration now connecting and allowing login, now, to figure out why we can't route through it...

Who Me Too'd this topic