09-02-2010 09:29 AM - edited 02-21-2020 04:49 PM
Hi All,
I have a strange problem with Anyconnect 2.5
In the profile I have specified a hostname for my headend ASA (a single 5540 with 1000 ssl premium, one full client profile, very straight forward config).
When the Anyconnect client runs up and gives me the 'Connect To' list, the hostname appears there as expected. However, If I click 'Select' I get an error 'Invalid host entry, Please re-enter'
If I then click in the box, delete the string as given in the list and type in the IP address of that hostname and click select, it works !
I tried changing the profile to specify the IP address, same result. Fails if i just click select but works if i delete the IP address (which worked in the test above) and retype hostname as was originally in the list, into the connect to box !
Once it is working I can disconnect and reconnect as normal with the manually entered hostname or ip but not the profile populated versions.Of course, as soon as I shut the client down and reload it, i'm back to square one.
I have tried a few different combinations and it seems that whatever entry was populated in the list by the profile will never work, I have to manually type in either the IP or the hostname (the opposite of the profile entry) to get it working.
Anyone seen this behaviour and can suggest a fix/workaround ? I'm at a loss with this one !!
Cheers
09-02-2010 02:58 PM
Would you be able to provide a sample of the AnyConnect profile that you are testing with? I would like to see if I can duplicate the behavior on my lab ASA.
09-03-2010 01:42 AM
09-03-2010 06:44 AM
Are you using 2.5.1025? I saw a similar issue but when i reverted back to 2.4.1012, everything works. I am using the same profile but once I upgrade, I get invalid host.
09-03-2010 08:39 AM
It is definitely strange. When I import your profile into my ASA configuration, it reverts all of the fields to their defaults. Although the context of the profile looks ok, I am wondering if the schema is being validated correctly. If I make changes to the profile once loaded, the changes are saved as I would expect to see. What I would do is either build the profile from scratch using either the .tmpl file that gets installed with AnyConnect or utilize the profile GUI in ASDM 6.3. To access the profile directory in Windows XP, you can follow the path below. Delete any existing XML files and use the AnyConnectProfile.tmpl file as your baseline. This template will change with each new AnyConnect revision as features are added or modified.
C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile
09-03-2010 09:12 AM
Thanks for the help guys..
Just an update.
I have also found that if i make changes to the profile manually, it works, even though the file doesnt appear to look any different although I still have to type the opposite of what was there already, i.e. type in the IP if the hostname was there originally.
I did try both the GUI in ASDM 6.3 and the standalone java version and both made no difference. It seems that if I manually edit the file in the way above, then it works.
I have found a workaround which may help you guys with more knowledge than me pin this down, If i use either GUI to build the profile but then omit the GROUP entry from the host portion of the profile, it works everytime.
It may be my config after all.
Cheers Guys.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide