AnyConnect Config Help

neilf_adsi
Level 1

I'm struggling with the AnyConnect configuration. I've tried the wizard and the command line.

When I connect on my iPhone, I get the banner message, put in my username and password, and then the connection fails. On the Windows application, it just fails to connect.

Can someone help me with where I've gone wrong please?

Here is a copy of what I think is the relevant config.

Any help is greatly appreciated.

Thanks
Neil

access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group MGT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group PRT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group SVR_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group WKSTN_LAN

crypto ikev2 enable EXT_PUB_INT client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0

ssl trust-point ASDM_TrustPoint0 EXT_PUB_INT
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside vpnlb-ip

webvpn
 enable EXT_PUB_INT
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1 regex "Windows NT"
 anyconnect enable
 tunnel-group-list enable
 error-recovery disable

group-policy AnyConnectPolicy internal
group-policy AnyConnectPolicy attributes
 banner value ************* WARNING *************
 banner value Use of this connection is restricted to authorised users only.
 banner value Unauthorised or inappropriate use is prohibited and may be subject to administrative, criminal,
 banner value or civil penalties. This connection is monitored and logged.
 wins-server none
 dns-server value 192.168.1.8 192.168.1.9
 vpn-tunnel-protocol ikev2 ssl-client
 ipsec-udp enable
 ipsec-udp-port 10000
 default-domain value domain.local
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record VPN_ANYC_PROD_IT
 description "AnyConnect VPN Client"
 network-acl VPN_AC_ACL
 priority 5
 webvpn
  url-list none
  svc ask none default svc

username testvpn password WDnnelLwaGzjjP0y encrypted



mrsethi
Cisco Employee

Hi,

Going through the details, I see that you are failing to connect to the ASA via AnyConnect from iPhone and Windows.

>>Going through the config, I believe that you are trying to do an IPsec connection from the AnyConnect client.

>>In order that you can connect from AnyConnect using IPsec, an AnyConnect profile needs to be configured with the primary protocol set to ipsec.

>>Initially, the first time the client connects to the ASA it will use SSL and download the profile; the second time the client tries to connect, it will use the downloaded profile.

Please check the link below, which explains troubleshooting and gives a sample configuration.

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116158-trouble-asa-ikev2-00.html

Regards,

Mrutunjay Sethi
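
The profile setting described in the reply above can be checked before a profile is pushed to clients. The following is an added example, not part of the original thread or Cisco's own code: it parses an AnyConnect profile and reports which server entries will attempt IKEv2/IPsec and which fall back to the client default of SSL. The profile content, host names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile; host names and addresses are placeholders.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>Office VPN (IKEv2)</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <PrimaryProtocol>IPsec</PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>Office VPN (default)</HostName>
      <HostAddress>vpn2.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""


def _local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def host_protocols(profile_xml):
    """Map each HostName to its primary protocol.

    An entry with no PrimaryProtocol element is reported as SSL,
    which is what the client uses when the element is absent.
    """
    root = ET.fromstring(profile_xml.encode("utf-8"))
    result = {}
    for elem in root.iter():
        if _local(elem.tag) != "HostEntry":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        result[fields.get("HostName", "?")] = fields.get("PrimaryProtocol") or "SSL"
    return result


def hosts_not_ipsec(profile_xml):
    """List host entries that will not start with IKEv2/IPsec."""
    protocols = host_protocols(profile_xml)
    return [name for name, proto in protocols.items() if proto.lower() != "ipsec"]


if __name__ == "__main__":
    for name, proto in host_protocols(SAMPLE_PROFILE).items():
        print(f"{name}: {proto}")
```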