Anyconnect Configuration issue

sina tahmasebi
Level 1

Hi Folks, 

I'm trying to configure AnyConnect for testing purposes on our corporate network.

I have an ASA connecting to a LAN with a Class B network configured on the inside interface and another Class B network on the outside interface.

The routing is configured for the inside network and works OK, and for the outside network I put a default route pointing to a switch that is connected to our corporate BGP router!

I have configured AnyConnect with all the required policies and everything, but I cannot get any prompt from the outside network.

The ASA does not log anything, so I'm wondering if any attempts even happen at all or not.

I haven't configured NAT exemption, as I guess it is not needed because I'm not doing any NATing on this device.

Here is my configuration:

route outside 0.0.0.0 0.0.0.0 x.x.x.x (next hop switch)
route inside x.x.0.0 255.255.0.0 x.x.x.x 1

crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=anyconnect-test
 proxy-ldc-issuer
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint1
 certificate a595f554

webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy anyconnect internal
group-policy anyconnect attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 webvpn
  anyconnect keep-installer installed
  anyconnect ask enable default anyconnect timeout 10

username xxxxxx password xxxxxxxxxxxxxxx encrypted

tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
 address-pool Connect-Net
 default-group-policy anyconnect
tunnel-group anyconnect webvpn-attributes
 group-alias anyconnect-test enable

Any help would be appreciated. 

Cheers.

1 Accepted Solution

Kanwaljeet Singh
Cisco Employee

Hi,

Is the client getting any error while connecting to the ASA? Can you enable debug webvpn anyconnect 255 and debug webvpn 255, and see if the request is making it in? What is the SSL port on which the client is connecting? The configuration looks fine.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Tushar Bangia
Level 1

Your config only supports Windows-based clients ("anyconnect-win-2.5.2014-k9.pkg"). Hence, please confirm whether you are working with a client machine running Windows.

You can try the below for a quick test:

- Try to work with local authentication.

- Capture the debugs below to identify the cause of the issue:

debug aaa common

debug webvpn 255

Regards,

Tushar Bangia

Note: Please do rate the post if you find it helpful!!
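
Added example, not part of the thread and not Cisco tooling: an offline Python check over an excerpt of the configuration posted in the question. It reports where webvpn is enabled, which client platforms the loaded AnyConnect package covers (the point raised in the last reply), and which names a tunnel-group uses without a definition in the pasted text. The function names are hypothetical, and an "undefined" name only means its definition is absent from the excerpt, which may simply have been left out of the post.

```python
import re

# Excerpt of the configuration posted in the question (not the full device config).
CONFIG = """\
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
group-policy anyconnect internal
group-policy anyconnect attributes
 vpn-tunnel-protocol ssl-client
tunnel-group anyconnect general-attributes
 address-pool Connect-Net
 default-group-policy anyconnect
"""

def parse_sections(text):
    """Map each top-level ASA config line to its indented sub-commands."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line.startswith(" "):
            current = line.strip()
            sections.setdefault(current, [])
        elif line.strip() and current is not None:
            sections[current].append(line.strip())
    return sections

def review(text):
    """Summarise the AnyConnect settings and list names used but not defined."""
    s = parse_sections(text)
    webvpn = s.get("webvpn", [])
    pools = {h.split()[3] for h in s if h.startswith("ip local pool ")}
    policies = {h.split()[1] for h in s if re.fullmatch(r"group-policy \S+ internal", h)}
    known = {"address-pool": pools, "default-group-policy": policies}
    undefined = []
    for head, cmds in s.items():
        if re.fullmatch(r"tunnel-group \S+ general-attributes", head):
            for cmd in cmds:
                key, _, name = cmd.partition(" ")
                if key in known and name not in known[key]:
                    undefined.append((key, name))
    return {
        "webvpn_interfaces": [c.split()[1] for c in webvpn if c.startswith("enable ")],
        "anyconnect_enabled": "anyconnect enable" in webvpn,
        "client_platforms": sorted(set(re.findall(r"anyconnect-([a-z0-9]+)-", " ".join(webvpn)))),
        "undefined_references": undefined,
    }

print(review(CONFIG))
```
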