Re: CUPC through AnyConnect SSL VPN

Rob McCarty · ‎03-17-2011

Having trouble using CUPC 7 through new ASA on SSL VPN (Anyconnect 2.5). Firewall rules have been opened to allow traffic, and am able to sign in, however unable to use softphone, or set status to available. Routing and FW rules seem fine (since I can sign in).

In the ASA's logs I see this entry every time I try to put myself into available:

"Deny TCP (no connection) from 10.0.0.1 *client IP* to 192.0.0.1/433 *CUPS IP* flags RST on interface outside"

The details say something about there not being an associated connection in the connection table on the firewall.

Is there something in the ASA I can do to fix this? Or on the client? FWIW, it works fine through an IPSec VPN (checkpoint).

RAJAMANI Nallakaruppan · ‎03-20-2011

Hey Rob,

Have you tried disabling the SIP Inspection on the ASA. And even if that is not working try to disable the Windoes Firewall on the Client machine and then give it a try. Is this happening for all the Client machines or specific machines like only for Windows 7, Vista? Let me know how it goes.

Regards

Rajamani

Rob McCarty · ‎03-21-2011

I have disabled SIP inspection with no difference in behaviour. I think this may be before SIP is used as its not even to the point of making calls, rather putting the client in available and seeing other's status that doesn't work (although sign in does work). I think this communication just uses port 443, but I am fuzzy on the details of how CUPC works

To clarify, this works fine on the LAN, as well as through other VPN clients (Checkpoint IPSec for example) to the same site. Its only when connected through SSL AnyConnect that it doesn't work.