01-11-2019 01:06 AM - edited 01-11-2019 06:35 AM
Got the certificate connection working. Tunnel is connected but drops immediately with this message.
__________________________________________________________________________________
Function: CCvcConfig::validateMgmtTunParameters
File: vpnconfig.cpp
Line: 3641
Block-all IPv6 is not supported for management tunnel
\Function: CCvcConfig::setConfig
File: vpnconfig.cpp
Line: 1736
Invoked Function: CCvcConfig::validateMgmtTunParameters
Return Code: -33095617 (0xFE07003F)
Description: CVCCONFIG_ERROR_INVALID_MGMT_TUN_CONFIG
Termination reason code 1:
Configuration received from secure gateway was invalid.
__________________________________________________________________________________
Checking my asa config and can't see things that could be related.
What to check?
Solved! Go to Solution.
01-13-2019 03:20 AM
Finally got it working!
Was required. Probably because im not doing anything with IPv6.
(also in the manual on page 126, last lines)
01-11-2019 01:59 AM
Hi,
The AC 4.7 management tunnel requires a machine certificate, is that the certificate you have or were you referring to a user certificate?
01-11-2019 02:01 AM - edited 01-11-2019 02:02 AM
I'm using machine certs.
Anyconnect log says it found 1 valid cert and using it.
01-11-2019 02:10 AM
Have you created a Tunnel Group and Profile for the Management Tunnel?
More information here from page 125
01-11-2019 02:13 AM
Yes, this is how i got started :)
I simply cannot find anything that is ipv6 related / blocked in the tunnel group/ profile
01-13-2019 03:20 AM
Finally got it working!
Was required. Probably because im not doing anything with IPv6.
(also in the manual on page 126, last lines)
11-05-2021 02:18 PM
Thank you osiega001. We were having the same issue with FTD 7.0, and we couldn't figure out for weeks. Cisco TAC pointed out there is a bug with the management tunnel not working with IPv6 disabled. After searching the Internet and seeing your resolution, I enabled the "Client Bypass Protocol" in the management tunnel group policy. The management tunnel is magically connected now!
07-12-2019 02:33 AM
I'm not sure what exactly you're trying to accomplish, but check out my guide. A lot of good info there. You may be interested in how the Client Bypass Protocol setting works.
https://technook.home.blog/2019/07/11/cisco-anyconnect-managent-vpn-tunnel-microsoft-ca/
07-12-2019 02:35 AM - edited 07-12-2019 03:38 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide