02-07-2015 02:35 AM - edited 02-21-2020 08:04 PM
Hello There,
We have migrated from ASA 5520 to new ASA 5525-X Series. The configuration is identical with the older one. The Certificate is transferred as well. Anyconnect essentials license has been bought. But now all are working except Anyconnect VPN client users. When I try to login from phone where anyconnect software was installed showing at the client side the message "Login Denied, unauthorized connection mechanism, contact your administrator". From the firewall log I don't see any specific error that I can follow to troubleshoot. But when I am trying to login from a new device where I didn't install the anyconnect client I get the Message from client side "" and from the firewall log "Session terminated: SVC not enabled for the user".
The firewall has enabled the webvpn on the outside/Internet interface.
webvpn
enable wlan_extern
enable internet
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
anyconnect image disk0:/anyconnect-macosx-i386-3.1.04072-k9.pkg 4
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 5
anyconnect image disk0:/anyconnect-macosx-i386-3.1.05160-k9.pkg 6
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 7
anyconnect image disk0:/anyconnect-linux-3.1.05182-k9.pkg 8
anyconnect profiles Quarzwerke disk0:/quarzweke.xml
anyconnect enable
ASA license version:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5525 VPN Premium license.
Any kind of help will be greatly appreciated.
Zaman
02-07-2015 04:25 AM
I found the configuration Problem. In the DAP profile the attribute and value was missing. Now it is working without any issue.
Thanks
Zaman
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide