Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1498
Views
0
Helpful
6
Replies

AnyConnect not connecting when i remove the "tunnel-group-list enable" option in the webvpn settings

vitumbiko nkhwazi
Level 1
Level 1

‎02-24-2021 01:13 AM

Hello guys.

 

I have configured a remote access VPN on the ASA which is working correctly, but now i want to remove the option for the users to select the Tunnel-group on the AnyConnect login window. i go to the webvpn configuration and remove the "tunnel-group-list enable" option and when i try to connect with AnyConnect this time its giving me a login failed message, like an putting in the wrong password. What am i doing wrong?

 

Here is my configuration:

 

webvpn

 enable INTRA-SERV-OUT

 anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1

 anyconnect enable

 tunnel-group-list enable

 cache

 disable

 error-recovery disable

 

group-policy GroupPolicy_APN attributes

 wins-server none

 dns-server value 10.10.1.14 10.10.1.13

 vpn-simultaneous-logins 1

 vpn-idle-timeout 10

 vpn-filter value APN_VPN_ACL

 vpn-tunnel-protocol ssl-client

 split-tunnel-policy tunnelall

 default-domain value DOMAIN.LOCAL

 split-tunnel-all-dns enable

group-policy VPN internal

group-policy VPN attributes

 dns-server value 10.10.1.14 10.10.1.13

 vpn-simultaneous-logins 1

 vpn-idle-timeout 5

 vpn-tunnel-protocol ssl-client

 split-tunnel-policy tunnelall

 default-domain value DOMAIN.local

 split-tunnel-all-dns enable

 

tunnel-group APN type remote-access

tunnel-group APN general-attributes

 address-pool APN-VPN-POOL

 authentication-server-group AD-RADIUS

 authentication-server-group (INTRA-SERV-OUT) AD-RADIUS

tunnel-group APN webvpn-attributes

 group-alias APN enable

0 Helpful
6 Replies 6

Rob Ingram
VIP
VIP

‎02-24-2021 02:11 AM

@vitumbiko nkhwazi 

The connection is now probably hitting the default tunnel-group rather than APN.

Configure a group-url for APN and modify the XML profile on the ASA to reflect the change, this will be updated on the client computers once they connect.

HTH

0 Helpful

vitumbiko nkhwazi
Level 1
Level 1
In response to Rob Ingram

‎02-24-2021 05:31 AM

@Rob Ingram  can you point to me to a reference page where i can see how to configure a group-url?

 

Regards.

0 Helpful

MHM Cisco World
VIP
VIP

‎02-24-2021 04:50 AM

Auto Connect on Start,

check this in profile I think the client try connect to previous group and hence failed.

0 Helpful

vitumbiko nkhwazi
Level 1
Level 1
In response to MHM Cisco World

‎02-24-2021 05:16 AM

@MHM Cisco World sorry, am sort of new to this Anyconnect stuff, which profile do i need to check for the Auto Connect on Start?

 

Regards.

0 Helpful
Customers Also Viewed These Support Documents