anyconnect connection profile issue

qsosan20 · ‎10-09-2024

Hello Experts ,

I have a weird issue with my ASA , i configured two connection profiles X and Y , both have exact same config , the only difference is the name , when trying to connect to profile X anyconnect will work , however when trying to connect to profile Y am getting login denied (as attached) , and when i enabled some debugs am getting just below :

Oct 08 2024 17:25:07: %ASA-6-725007: SSL session with client OUTSIDE:x.x.x.x/13305 to y.y.y.y/443 terminated

MHM Cisco World · ‎10-09-2024

This can happened if you use group-lock' can yoh check your config for this

MHM

qsosan20 · ‎10-09-2024

@HMHMHM thanks for your reply , below are the group policy config for both tunnels group and there is no group lock :

group-policy ISEGroupPolicy internal
group-policy ISEGroupPolicy attributes
wins-server none
dns-server value x.x.x.x
vpn-simultaneous-logins 3
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value test
default-domain value x.com
split-tunnel-all-dns enable
webvpn
anyconnect mtu 1200
anyconnect profiles value test-tunnel type user
always-on-vpn profile-setting

MHM Cisco World · ‎10-09-2024

debug webvpn anyconnect 255 <<- run this debug when try to access

MHM

qsosan20 · ‎10-09-2024

Please find the attached debugs ,

qsosan20 · ‎10-09-2024

Issue has been fixed , and it was due to a conflict in DAP records , thank you