Anyconnect Mgmnt Tunnel Error

ravinsilvaems
Level 1

Failed to establish the AnyConnect management tunnel from the client; it shows an invalid VPN configuration as below.

ravinsilvaems_0-1716657509903.png

The ASA logs are below and show this error: SVC Message: 16/ERROR: Configuration received from secure gateway was invalid.

Could someone please share if there is a solution? (Client Bypass Protocol is already enabled under the group policy of the tunnel.)

ASA Logs

May 25 2024 17:01:54: %ASA-6-725016: Device selects trust-point ASAVPN2 for client inside:192.168.0.175/54489 to 192.168.0.200/443
May 25 2024 17:01:54: %ASA-7-725017: No certificates received during the handshake with client inside:192.168.0.175/54489 to 192.168.0.200/443 for DTLSv1 session
May 25 2024 17:01:54: %ASA-6-725002: Device completed SSL handshake with client inside:192.168.0.175/54489 to 192.168.0.200/443 for TLSv1.2 session
May 25 2024 17:01:54: %ASA-7-737035: IPAA: Session=0x0bf3d000, 'IPv4 address request' message queued
May 25 2024 17:01:54: %ASA-7-737035: IPAA: Session=0x0bf3d000, 'IPv6 address request' message queued
May 25 2024 17:01:54: %ASA-7-737001: IPAA: Session=0x0bf3d000, Received message 'IPv4 address request'
May 25 2024 17:01:54: %ASA-5-737003: IPAA: Session=0x0bf3d000, DHCP configured, no viable servers found for tunnel-group 'Management_Tunnel'
May 25 2024 17:01:54: %ASA-6-737026: IPAA: Session=0x0bf3d000, Client assigned 10.10.10.25 from local pool
May 25 2024 17:01:54: %ASA-6-737006: IPAA: Session=0x0bf3d000, Local pool request succeeded for tunnel-group 'Management_Tunnel'
May 25 2024 17:01:54: %ASA-7-737001: IPAA: Session=0x0bf3d000, Received message 'IPv6 address request'
May 25 2024 17:01:54: %ASA-5-737034: IPAA: Session=0x0bf3d000, IPv6 address: IPv6 local pool address assignment disabled.
May 25 2024 17:01:54: %ASA-5-737034: IPAA: Session=0x0bf3d000, IPv6 address: callback failed during IPv6 request
May 25 2024 17:01:54: %ASA-4-722041: TunnelGroup <Management_Tunnel> GroupPolicy <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> No IPv6 address available for SVC connection
May 25 2024 17:01:54: %ASA-7-609001: Built local-host inside:10.10.10.25
May 25 2024 17:01:54: %ASA-5-722033: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> First TCP SVC connection established for SVC session.
May 25 2024 17:01:54: %ASA-6-722022: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> TCP SVC connection established without compression
May 25 2024 17:01:54: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.10.25 - LOCAL\DESKTOP-E1GLBEF.test191.net Succeeded - VPN user
May 25 2024 17:01:54: %ASA-6-722055: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> Client Type: Cisco AnyConnect VPN Agent for Windows 4.10.06079
May 25 2024 17:01:54: %ASA-4-722051: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> IPv4 Address <10.10.10.25> IPv6 address <::> assigned to session
May 25 2024 17:01:54: %ASA-4-722037: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> SVC closing connection: Transport closing.
May 25 2024 17:01:54: %ASA-5-722010: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> SVC Message: 16/ERROR: Configuration received from secure gateway was invalid..
May 25 2024 17:01:54: %ASA-7-737035: IPAA: Session=0x0bf3d000, 'IPv4 address release' message queued
May 25 2024 17:01:54: %ASA-7-609002: Teardown local-host inside:10.10.10.25 duration 0:00:00
May 25 2024 17:01:54: %ASA-6-716002: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> WebVPN session terminated: User Requested.
May 25 2024 17:01:54: %ASA-7-746013: user-identity: Delete IP-User mapping 10.10.10.25 - LOCAL\DESKTOP-E1GLBEF.test191.net Succeeded - VPN user logout
May 25 2024 17:01:54: %ASA-4-113019: Group = Management_Tunnel, Username = DESKTOP-E1GLBEF.test191.net, IP = 192.168.0.175, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:00s, Bytes xmt: 15454, Bytes rcv: 0, Reason: User Requested
May 25 2024 17:01:54: %ASA-7-737001: IPAA: Session=0x0bf3d000, Received message 'IPv4 address release'
May 25 2024 17:01:54: %ASA-6-737016: IPAA: Session=0x0bf3d000, Freeing local pool address 10.10.10.25
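
A triage helper for logs like the one above, as an added example that is not part of the original post: for each 722010 SVC error it lists the warning-or-worse messages the ASA logged for the same user beforehand. The function names and the severity cut-off are assumptions; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Sample input: a subset of the ASA log lines shown in the post above.
SAMPLE = """
May 25 2024 17:01:54: %ASA-5-737034: IPAA: Session=0x0bf3d000, IPv6 address: IPv6 local pool address assignment disabled.
May 25 2024 17:01:54: %ASA-4-722041: TunnelGroup <Management_Tunnel> GroupPolicy <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> No IPv6 address available for SVC connection
May 25 2024 17:01:54: %ASA-5-722033: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> First TCP SVC connection established for SVC session.
May 25 2024 17:01:54: %ASA-4-722051: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> IPv4 Address <10.10.10.25> IPv6 address <::> assigned to session
May 25 2024 17:01:54: %ASA-4-722037: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> SVC closing connection: Transport closing.
May 25 2024 17:01:54: %ASA-5-722010: Group <GroupPolicy_Management_Tunnel> User <DESKTOP-E1GLBEF.test191.net> IP <192.168.0.175> SVC Message: 16/ERROR: Configuration received from secure gateway was invalid..
"""

# "<timestamp>: %ASA-<severity>-<message id>: <text>"
LINE = re.compile(r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
                  r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<msg>.*)$")
USER = re.compile(r"User <(?P<user>[^>]+)>")

def parse(text):
    """Turn raw syslog text into dicts; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        u = USER.search(m["msg"])
        events.append({"ts": m["ts"], "sev": int(m["sev"]), "id": m["id"],
                       "msg": m["msg"], "user": u["user"] if u else None})
    return events

def triage(events, max_sev=4):
    """For each 722010 ERROR, collect earlier events for the same user whose
    severity number is <= max_sev (on the ASA, lower numbers are more severe)."""
    history = defaultdict(list)
    findings = []
    for ev in events:
        if ev["user"] is None:      # e.g. IPAA lines carry no user field
            continue
        if ev["id"] == "722010" and "ERROR" in ev["msg"]:
            prior = [(e["id"], e["msg"]) for e in history[ev["user"]]
                     if e["sev"] <= max_sev]
            findings.append({"user": ev["user"], "error": ev["msg"],
                             "preceding": prior})
            history[ev["user"]].clear()
        else:
            history[ev["user"]].append(ev)
    return findings

if __name__ == "__main__":
    for f in triage(parse(SAMPLE)):
        print(f["user"], [i for i, _ in f["preceding"]])
```
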

6 Replies

balaji.bandi
Hall of Fame

Is this a lab? Are you trying to initiate the connection from the INSIDE network for testing?

What does your ASA configuration look like? Post the show run output.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, this is a lab environment, before production implementation. Please find the attached config.

I will look at the config and advise what is missing, before I go to that level.

When you are in production, do the users connect from inside or outside?

If they are outside, simulate from the outside config rather than inside and let us know the results.

BB

Thanks balaji, please find the attached config simulated to outside interface.

I can ping the inside network when I connect to VPN4 with a user certificate, but Management_Tunnel still has the same issue.

marce1000
VIP

- FYI: https://community.cisco.com/t5/vpn/anyconnect-4-7-management-tunnel-vpn-issue/m-p/3778529#M148525

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Client Bypass Protocol is already enabled under the group policy of the tunnel, but it is still the same issue.