I have an ASA5505 device that I am trying to configure to allow remote access to my users.
This is a brief overview of what I have going on. Please let me know what/where you need more information from me.
- DSL modem in bridge mode.
- ASA receiving outside IP from the ISP, and doing the NAT; as a result everything/everyone inside has internet access.
- DMZ subnet disabled.
- SSL & IPSec rules configured in the ASA.
To test this connection I have a win vista and a win7 laptop with a sprint broadband card for outside access, if it should matter.
The Cisco VPN client 4.8 doesn't get along with these OSes, it seems.
Anyconnect 2.4 installs and runs fine.
I am able to access the webVPN portal from anywhere across the internet.
I have a local test user setup in the ASA. When monitoring the real time log, as I try to log in with that user the ASA accepts the credentials, starts the connection then immediately drops it. Log of this activity is below.
I'm sure this is obvious to those familiar, but here it is anyway:
184.x.6.x = client IP
99.x.70.x = ASA outside IP
6|Jan 18 2011|10:57:50|725007|184.x.6.x||SSL session with client The.Cloud:184.x.6.x/50309 terminated.
6|Jan 18 2011|10:57:49|302014|184.x.6.x|99.x.70.x|Teardown TCP connection 1397779 for The.Cloud:184.x.6.x/50309 to NP Identity Ifc:99.x.70.x/443 duration 0:00:01 bytes 6144 TCP Reset-O
6|Jan 18 2011|10:57:48|113008|||AAA transaction status ACCEPT : user = test
6|Jan 18 2011|10:57:48|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = test
6|Jan 18 2011|10:57:48|113011|||AAA retrieved user specific group policy (MicroWorks.Remote.Users) for user = test
6|Jan 18 2011|10:57:48|113003|||AAA group policy for user test is being set to MicroWorks.Remote.Users
6|Jan 18 2011|10:57:48|113012|||AAA user authentication Successful : local database : user = test
6|Jan 18 2011|10:57:48|725002|184.x.6.x||Device completed SSL handshake with client The.Cloud:184.x.6.x/50309
6|Jan 18 2011|10:57:48|725001|184.x.6.x||Starting SSL handshake with client The.Cloud:184.x.6.x/50309 for TLSv1 session.
6|Jan 18 2011|10:57:48|302013|184.x.6.x|99.x.70.x|Built inbound TCP connection 1397779 for The.Cloud:184.x.6.x/50309 (184.x.6.x/50309) to NP Identity Ifc:99.x.70.x/443 (99.x.70.x/443)
6|Jan 18 2011|10:57:48|725001|184.x.6.x||Starting SSL handshake with client The.Cloud:184.x.6.x/50308 for TLSv1 session.
6|Jan 18 2011|10:57:48|302013|184.x.6.x|99.x.70.x|Built inbound TCP connection 1397778 for The.Cloud:184.x.6.x/50308 (184.x.6.x/50308) to NP Identity Ifc:99.x.70.x/443 (99.x.70.x/443)
I see that Reset-O; is that "connection was reset from the outside"? Does that refer to the 'outside' interface on the ASA or to the outside client? Or am I missing the mark completely here?
Any suggestions out there?
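As an added example (not from the thread): a small Python parser for the pipe-delimited ASDM log format shown above that correlates an AAA ACCEPT (message 113008) with a TCP teardown by reset (message 302014) a few seconds later, which is exactly the pattern the post describes. The field order (severity|date|time|msgid|src|dst|text) is assumed from the lines shown, and the sample input is the post's own log lines embedded inline.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the relevant lines from the post above, in the
# newest-first order ASDM displays them (sev|date|time|msgid|src|dst|text).
SAMPLE_LOG = """\
6|Jan 18 2011|10:57:50|725007|184.x.6.x||SSL session with client The.Cloud:184.x.6.x/50309 terminated.
6|Jan 18 2011|10:57:49|302014|184.x.6.x|99.x.70.x|Teardown TCP connection 1397779 for The.Cloud:184.x.6.x/50309 to NP Identity Ifc:99.x.70.x/443 duration 0:00:01 bytes 6144 TCP Reset-O
6|Jan 18 2011|10:57:48|113008|||AAA transaction status ACCEPT : user = test
6|Jan 18 2011|10:57:48|113012|||AAA user authentication Successful : local database : user = test
6|Jan 18 2011|10:57:48|725002|184.x.6.x||Device completed SSL handshake with client The.Cloud:184.x.6.x/50309
6|Jan 18 2011|10:57:48|302013|184.x.6.x|99.x.70.x|Built inbound TCP connection 1397779 for The.Cloud:184.x.6.x/50309 (184.x.6.x/50309) to NP Identity Ifc:99.x.70.x/443 (99.x.70.x/443)
"""

# Message-text patterns for the two message IDs we correlate.
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) .* duration (\d+:\d+:\d+) bytes \d+ (.+)$")
ACCEPT = re.compile(r"AAA transaction status ACCEPT : user = (\S+)")


def parse_line(line):
    """Split one ASDM pipe-delimited line into a dict; None if malformed."""
    parts = line.rstrip("\n").split("|", 6)
    if len(parts) != 7:
        return None
    sev, date, time, msgid, src, dst, text = parts
    ts = datetime.strptime(f"{date} {time}", "%b %d %Y %H:%M:%S")
    return {"sev": int(sev), "ts": ts, "id": msgid, "src": src, "dst": dst, "text": text}


def find_dropped_logins(log_text, window=timedelta(seconds=5)):
    """Return (user, conn_id, reason) for every TCP teardown by reset that
    follows a successful AAA ACCEPT within `window`; empty list if none."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # work in chronological order
    accepts = []
    for e in events:
        m = ACCEPT.search(e["text"])
        if e["id"] == "113008" and m:
            accepts.append((e["ts"], m.group(1)))
    hits = []
    for e in events:
        m = TEARDOWN.search(e["text"]) if e["id"] == "302014" else None
        if not m or "Reset" not in m.group(3):
            continue
        for ts, user in accepts:
            if timedelta(0) <= e["ts"] - ts <= window:
                hits.append((user, m.group(1), m.group(3)))
                break
    return hits


if __name__ == "__main__":
    for user, conn, reason in find_dropped_logins(SAMPLE_LOG):
        print(f"user {user}: connection {conn} torn down right after login ({reason})")
```

Run against a larger ASDM export, the output lists which authenticated users are losing the SSL session immediately, which separates an authentication problem from a post-login tunnel problem.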
TCP Reset-O means that the session was terminated on the outside (probably by the client, or something on the path).
You could probably get more information as to why it is failing by gathering the output of debug vpn-sessiondb 127 when connecting via VPN.