07-27-2016 01:23 AM - edited 02-21-2020 08:54 PM
Hi,
I have a problem with an AnyConnect VPN connection.
The ASA is a 5515-X with the 9.4(2)11 release. The AnyConnect client is 4.3.01095.
Everything works fine with local authentication, but with AAA authentication, after entering the user name and password, the client is not able to establish a connection.
I have tested the authentication and it works fine.
In the ASA log and the AnyConnect Message History I see this difference between the connection with the local profile and with the AAA profile:
AAA
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> TCP SVC connection terminated without compression
SSL session with client outside:5.170.11.176/13123 to 46.228.253.194/4443 terminated
Group = PROFILE_VPN_anyconnect_aaa, Username = x.yyy, IP = 5.170.11.176, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:12s, Bytes xmt: 0, Bytes rcv: 768, Reason: Internal Error
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> WebVPN session terminated: Internal Error.
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> SVC closing connection: Internal Error.
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> Error responding to SVC connect request.
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> TCP SVC connection established without compression
Group <GPO_vpn_anyconnect_aaa> User <x.yyy> IP <5.170.11.176> First TCP SVC connection established for SVC session
Contacting XXXXXX.
User credentials entered.
Please respond to banner.
User accepted banner.
Establishing VPN session...
The AnyConnect Downloader is performing update checks...
Checking for profile updates...
Checking for product updates...
Checking for customization updates...
Performing any required updates...
The AnyConnect Downloader updates have been completed.
Establishing VPN session...
Establishing VPN - Initiating connection...
Disconnect in progress, please wait...
The VPN client failed to establish a connection.
AnyConnect was not able to establish a connection to the specified secure gateway.
LOCAL
Group <GPO_vpn_anyconnect> User <x.yyy> IP <5.170.10.249> IPv4 Address <192.168.150.4> IPv6 address <::> assigned to session
Group <GPO_vpn_anyconnect> User <x.yyy> IP <5.170.10.249> Client Type: Cisco AnyConnect VPN Agent for Windows 4.3.01095
Group <GPO_vpn_anyconnect> User <x.yyy> IP <5.170.10.249> TCP SVC connection established without compression
Group <GPO_vpn_anyconnect> User <x.yyy> IP <5.170.10.249> First TCP SVC connection established for SVC session.
Contacting XXXXXX.
User credentials entered.
Establishing VPN session...
The AnyConnect Downloader is performing update checks...
Checking for profile updates...
Checking for product updates...
Checking for customization updates...
Performing any required updates...
The AnyConnect Downloader updates have been completed.
Establishing VPN session...
Establishing VPN - Initiating connection...
Establishing VPN - Examining system...
Establishing VPN - Activating VPN adapter...
Establishing VPN - Configuring system...
Establishing VPN...
Connected to Molteno.
Any idea about this? With the 8.4 firmware everything works fine.
Thanks a lot for your support.
Pietro
07-28-2016 01:08 AM
Hi,
Could you please share the tunnel-group and group-policy used with both LOCAL and AAA authentication?
Please also mention which AAA server you have: is it RADIUS, LDAP, etc.?
Also attach some AAA debugs.