cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2547
Views
5
Helpful
5
Replies

Anyconnect full Client - Invalid Host

roadhouse1387
Level 1
Level 1

Hi All,

I have a strange problem with Anyconnect 2.5

In the profile I have specified a hostname for my headend ASA (a single 5540 with 1000 ssl premium, one full client profile, very straight forward config).

When the Anyconnect client runs up and gives me the 'Connect To' list, the hostname appears there as expected. However, If I click 'Select' I get an error 'Invalid host entry, Please re-enter'

If I then click in the box, delete the string as given in the list and type in the IP address of that hostname and click select, it works !

I tried changing the profile to specify the IP address, same result. Fails if i just click select but works if i delete the IP address (which worked in the test above) and retype hostname as was originally in the list, into the connect to box !

Once it is working I can disconnect and reconnect as normal with the manually entered hostname or ip but not the profile populated versions.Of course, as soon as I shut the client down and reload it, i'm back to square one.

I have tried a few different combinations and it seems that whatever entry was populated in the list by the profile will never work, I have to manually type in either the IP or the hostname (the opposite of the profile entry) to get it working.

Anyone seen this behaviour and can suggest a fix/workaround ? I'm at a loss with this one !!

Cheers

5 Replies 5

Todd Pula
Level 7
Level 7

Would you be able to provide a sample of the AnyConnect profile that you are testing with?  I would like to see if I can duplicate the behavior on my lab ASA.

Hi Todd,

Thanks for the reply.

I have attached sanitised versions of the profile and the relevent bits of config from the ASA in the file attached.

Many thanks indeed for having a look at this. Very much appreciated.

Cheers

bravotom99
Level 1
Level 1

Are you using 2.5.1025?  I saw a similar issue but when i reverted back to 2.4.1012, everything works.  I am using the same profile but once I upgrade, I get invalid host.

Todd Pula
Level 7
Level 7

It is definitely strange.  When I import your profile into my ASA configuration, it reverts all of the fields to their defaults.  Although the context of the profile looks ok, I am wondering if the schema is being validated correctly.  If I make changes to the profile once loaded, the changes are saved as I would expect to see.  What I would do is either build the profile from scratch using either the .tmpl file that gets installed with AnyConnect or utilize the profile GUI in ASDM 6.3.  To access the profile directory in Windows XP, you can follow the path below.  Delete any existing XML files and use the AnyConnectProfile.tmpl file as your baseline.  This template will change with each new AnyConnect revision as features are added or modified.

C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile

Thanks for the help guys..

Just an update.

I have also found that if i make changes to the profile manually, it works, even though the file doesnt appear to look any different although I still have to type the opposite of what was there already, i.e. type in the IP if the hostname was there originally.

I did try both the GUI in ASDM 6.3 and the standalone java version and both made no difference. It seems that if I manually edit the file in the way above, then it works.

I have found a workaround which may help you guys with more knowledge than me pin this down, If i use either GUI to build the profile but then omit the GROUP entry from the host portion of the profile, it works everytime.

It may be my config after all.

Cheers Guys.