Cisco 2921 ISR SSL VPN

Josh Adamson
Level 1

Hello,

I have created an SSL VPN using SVC on a 2921, and here is my current issue. When I browse to the web site and log in, it is successful; it also installs the AnyConnect client and connects. At that point all works successfully. When you disconnect and try to connect again by typing the IP address into AnyConnect, it states "connection failed". If I try another machine with AnyConnect already installed, I get the message "invalid cert and connection failed". Below is the configuration for the SSL VPN. I am using a self-signed cert, which has to be for this DR site at the current time. Any help is appreciated. Thanks.

aaa authentication login uservpn local
!
crypto pki trustpoint TP-self-signed-2519532865
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2519532865
 revocation-check none
 rsakeypair TP-self-signed-2519532865
!
!
crypto pki certificate chain TP-self-signed-2519532865
 certificate self-signed 01
  3082025D 308201C6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32353139 35333238 3635301E 170D3130 30363135 31353337
  34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35313935
  33323836 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AE70 14E1B352 33B99C21 2BA10F47 2EEBEB22 1FAD3B4E 4E4CEC55 BAB8F502
  49025428 34A8128F AE7CD70C AC572CBE F614473F 38CAEED0 D294358A 332C43D3
  053FDF63 DFCEA2C8 3A9EA457 CA426791 BCCA4B9E CE3D2FC6 DE9242F0 1E5987B2
  95E32970 D3EC5F87 19F297BD 0568073B BEB82AA2 3EF2F6A1 C960A3D8 2A98D782
  7B410203 010001A3 81843081 81300F06 03551D13 0101FF04 05300301 01FF302E
  0603551D 11042730 2582234F 4C594D50 49412D56 414E2D32 3932312D 322E6F6C
  796D7069 61747275 73742E63 6F6D301F 0603551D 23041830 1680148A 0B6232F1
  D50DD40E 113F7354 DF5AAA4C 6C055F30 1D060355 1D0E0416 04148A0B 6232F1D5
  0DD40E11 3F7354DF 5AAA4C6C 055F300D 06092A86 4886F70D 01010405 00038181
  00570925 70950700 73531783 7FCE5578 3EBDF166 3A55A497 436AC9F7 91AFAE11
  D035EB88 ABB1C9B6 433A58A0 46A95165 4305D44B C40770EA C0055320 F9B89207
  12FB8908 8057F577 712D610C 3AA017B7 D080B2E9 4C208A2A 9DCA7E95 01CDAD3D
  B7CD036C 0D94A6DB DC765EE7 B0669E40 CAF6D56F 94532BA4 F67B900F 8ECB8129 D1
            quit
!
ip local pool uservpn 192.168.201.200 192.168.201.250
!
ip access-list extended outside-in
 permit tcp any host x.x.x.x eq 443 www
 permit udp any host x.x.x.x eq 443 80
!
!
webvpn gateway VANCISCO2921DR-GATEWAY
 ip address x.x.x.x port 443
 http-redirect port 80
 ssl encryption rc4-md5
 ssl trustpoint TP-self-signed-2519532865
 inservice
!
webvpn install svc flash0:/webvpn/anyconnect-win-3.1.04072-k9.pkg sequence 1
!
webvpn context Cisco-WEBVPN
 title "DR VPN Access to Vancouver"
 ssl authenticate verify all
 !
 acl "ssl-acl"
   permit ip 192.168.201.0 0.0.0.255 10.2.1.0 0.0.0.255
   permit ip 192.168.201.0 0.0.0.255 10.2.2.0 0.0.0.255
   permit ip 192.168.201.0 0.0.0.255 10.2.3.0 0.0.0.255
   permit ip 192.168.201.0 0.0.0.255 10.2.4.0 0.0.0.255
   permit ip 192.168.201.0 0.0.0.255 10.2.5.0 0.0.0.255
 !
 login-message "DR VPN Access to Vancouver"
 !
 policy group webvpnpolicy
   functions svc-required
   filter tunnel ssl-acl
   svc address-pool "uservpn"
   svc rekey method new-tunnel
   svc split include 10.2.1.0 255.255.255.0
   svc split include 10.2.2.0 255.255.255.0
   svc split include 10.2.3.0 255.255.255.0
   svc split include 10.2.4.0 255.255.255.0
   svc split include 10.2.5.0 255.255.255.0
 default-group-policy webvpnpolicy
 aaa authentication list uservpn
 gateway VANCISCO2921DR-GATEWAY
 max-users 2
 inservice
!
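
Added example, not part of the original post and not Cisco tooling: to see what certificate the gateway presents when a client reports "invalid cert", the hex dump that IOS prints under "crypto pki certificate chain" can be turned back into a PEM file and inspected offline. The function names, the trustpoint TP-example and the sample hex (a constructed DER stub, not a real certificate) are assumptions made for illustration.

```python
import base64
import re

# Constructed sample in the layout IOS prints; the hex is a tiny made-up DER
# SEQUENCE (two INTEGERs), not a real certificate. TP-example is hypothetical.
SAMPLE_CONFIG = """\
crypto pki certificate chain TP-example
 certificate self-signed 01
  300A0203 01000102
  03010001
        quit
!
"""

def der_declared_length(der):
    """Total size (header + body) claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_certs(config_text):
    """Map (trustpoint, serial) -> DER bytes for every certificate block."""
    certs, trustpoint, serial, hex_buf = {}, None, None, []
    for line in config_text.splitlines():
        s = line.strip()
        if m := re.match(r"crypto pki certificate chain (\S+)", s):
            trustpoint = m.group(1)
        elif m := re.match(r"certificate (?:self-signed |ca )?([0-9A-Fa-f]+)", s):
            serial, hex_buf = m.group(1), []
        elif s == "quit" and serial is not None:
            der = bytes.fromhex("".join(hex_buf))
            # A pasted config often loses lines; the DER header exposes that.
            if der_declared_length(der) != len(der):
                raise ValueError(f"{trustpoint}/{serial}: hex dump truncated or padded")
            certs[(trustpoint, serial)] = der
            serial = None
        elif serial is not None and re.fullmatch(r"[0-9A-Fa-f ]+", s):
            hex_buf.append(s.replace(" ", ""))
    return certs

def to_pem(der):
    """Wrap DER bytes as a PEM certificate with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Write the PEM for a real certificate to a file and read its subject and validity period with: openssl x509 -in cert.pem -noout -subject -dates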

1 Reply 1

end2endtechs
Level 1

For AnyConnect users, the following user error message is seen:


"Connection attempt has failed due to server communication errors. Please retry the connection"


The AnyConnect event log will show the following error message snippet:


Function: ConnectIfc::connect

Invoked Function: ConnectIfc::handleRedirects

Description: CONNECTIFC_ERROR_HTTP_MAX_REDIRS_EXCEEDED

Cisco is still finding answers and there is no fix for it yet.
