Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5484
Views
0
Helpful
1
Replies

AnyConnect Client is not enabled on the VPN server error

ken.montgomery
Level 1
Level 1

‎01-09-2013 07:38 AM - edited ‎02-21-2020 06:36 PM

We are trying to establish the ability to login remotely to our network via ASA5540, which has been running and working fine without remote user access, with site to site VPNs working just fine.

So, I followed the guidelines in cisco documentation for setting up for ASA 8.x: VPN Access with the AnyConnect VPN Client using self-signed certificate configuration example (

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml)

, and I will warn you, this is my first time trying to do this through the CLI.  I've used ASDM in the past with great success to do this.

I have the client loaded on a laptop remotely, and when I test logging in, using only local authentication, I receive the error on the client that 'Any Connect is not enabled on the VPN server" and login fails.  On the ASA, a debug shows the following relevant result section:

webvpn_auth.c:http_webvpn_auth_accept[3066]

webvpn_session.c:http_webvpn_create_session[184]

webvpn_session.c:http_webvpn_find_session[159]

WebVPN session created!

webvpn_session.c:http_webvpn_find_session[159]

webvpn_session.c:http_webvpn_destroy_session[1386]

Not calling vpn_remove_uauth: not IPv4!

webvpn_svc_np_tear_down: no ACL

webvpn_svc_np_tear_down: no IPv6 ACL

webvpn_remove_auth_handle: auth_handle = 113

webvpn_portal.c:webvpn_determine_primary_username[5695]

webvpn_portal.c:webvpn_determine_secondary_username[5764]

webvpn_portal.c:ewaFormServe_webvpn_login[1974]

webvpn_portal.c:http_webvpn_kill_cookie[790]

webvpn_free_auth_struct: net_handle = 761209F0

webvpn_allocate_auth_struct: net_handle = 761209F0

webvpn_free_auth_struct: net_handle = 761209F0

This leads me to believe I have an issue with DHCP and assigning an address, but when I setup DHCP on the ASA, though it uses no address space used by my internal network nor by and site-to-site VPN, the site-to-site tunnels drop. 

I know you are all going to ask for the config right away, but I'd like to hear what you think I might have wrong, before posting the relevant parts... something is obviously missing, but when working with Cisco TAC and their suggestions, everything we did broke the site-to-site tunnel... or if you could point me towards any relevant documentation that makes the CLI version of the config pretty straightforward... later we do want to use our RADIUS authentication on this, but I'd like to just get one basic account working for now... 

Through Cisco TAC assistance, have the initial configuration now connecting and allowing login, now, to figure out why we can't route through it...

1 person had this problem
Labels:
0 Helpful
1 Reply 1

nefkensp
Level 5
Level 5

‎01-09-2013 10:02 AM

Make sure that there are anyconnect images loaded on the flash of the asa and that these are loaded. Then enable anyconnect:

Webvpn
Anyconnect enable



Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents