11-25-2015 03:28 PM
I'm struggling with the AnyConnect configuration. I've tried the wizard and the command line.
When I connect on my iPhone, I get the banner message, put in my username and password and then the connection fails. On the Windows application, it just fails to connect.
Can someone help me with where I've gone wrong please?
Here is a copy of what I think is the relevant config.
Any help is greatly appreciated.
Thanks
Neil
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group MGT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group PRT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group SVR_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group WKSTN_LAN
crypto ikev2 enable EXT_PUB_INT client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
ssl trust-point ASDM_TrustPoint0 EXT_PUB_INT
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside vpnlb-ip
webvpn
 enable EXT_PUB_INT
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1 regex "Windows NT"
 anyconnect enable
 tunnel-group-list enable
 error-recovery disable
group-policy AnyConnectPolicy internal
group-policy AnyConnectPolicy attributes
 banner value ************* WARNING *************
 banner value Use of this connection is restricted to authorised users only.
 banner value Unauthorised or inappropriate use is prohibited and may be subject to administrative, criminal,
 banner value or civil penalties. This connection is monitored and logged.
 wins-server none
 dns-server value 192.168.1.8 192.168.1.9
 vpn-tunnel-protocol ikev2 ssl-client
 ipsec-udp enable
 ipsec-udp-port 10000
 default-domain value domain.local
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record VPN_ANYC_PROD_IT
 description "AnyConnect VPN Client"
 network-acl VPN_AC_ACL
 priority 5
 webvpn
  url-list none
  svc ask none default svc
username testvpn password WDnnelLwaGzjjP0y encrypted
11-26-2015 11:43 PM
Hi,
Going through the details, I see that you are failing to connect to the ASA via AnyConnect from iPhone and Windows.
>>Going through the config, I believe that you are trying to make an IPsec connection from the AnyConnect client.
>>In order to connect from AnyConnect using IPsec, an AnyConnect profile needs to be configured with the primary protocol set to IPsec.
>>The first time, the client will connect to the ASA using SSL and download the profile; the second time the client tries to connect, it will use the downloaded profile.
Please check the link below, which explains troubleshooting and gives a sample configuration.
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116158-trouble-asa-ikev2-00.html
Regards,
Mrutunjay Sethi