cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
981
Views
0
Helpful
6
Replies

AnyConnect not connecting when i remove the "tunnel-group-list enable" option in the webvpn settings

Hello guys.

 

I have configured a remote access VPN on the ASA which is working correctly, but now i want to remove the option for the users to select the Tunnel-group on the AnyConnect login window. i go to the webvpn configuration and remove the "tunnel-group-list enable" option and when i try to connect with AnyConnect this time its giving me a login failed message, like an putting in the wrong password. What am i doing wrong?

 

Here is my configuration:

 

webvpn

 enable INTRA-SERV-OUT

 anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1

 anyconnect enable

 tunnel-group-list enable

 cache

 disable

 error-recovery disable

 

group-policy GroupPolicy_APN attributes

 wins-server none

 dns-server value 10.10.1.14 10.10.1.13

 vpn-simultaneous-logins 1

 vpn-idle-timeout 10

 vpn-filter value APN_VPN_ACL

 vpn-tunnel-protocol ssl-client

 split-tunnel-policy tunnelall

 default-domain value DOMAIN.LOCAL

 split-tunnel-all-dns enable

group-policy VPN internal

group-policy VPN attributes

 dns-server value 10.10.1.14 10.10.1.13

 vpn-simultaneous-logins 1

 vpn-idle-timeout 5

 vpn-tunnel-protocol ssl-client

 split-tunnel-policy tunnelall

 default-domain value DOMAIN.local

 split-tunnel-all-dns enable

 

tunnel-group APN type remote-access

tunnel-group APN general-attributes

 address-pool APN-VPN-POOL

 authentication-server-group AD-RADIUS

 authentication-server-group (INTRA-SERV-OUT) AD-RADIUS

tunnel-group APN webvpn-attributes

 group-alias APN enable

6 Replies 6

@vitumbiko nkhwazi 

The connection is now probably hitting the default tunnel-group rather than APN.

Configure a group-url for APN and modify the XML profile on the ASA to reflect the change, this will be updated on the client computers once they connect.

HTH

@Rob Ingram  can you point to me to a reference page where i can see how to configure a group-url?

 

Regards.

Auto Connect on Start,

check this in profile I think the client try connect to previous group and hence failed.

@MHM Cisco World sorry, am sort of new to this Anyconnect stuff, which profile do i need to check for the Auto Connect on Start?

 

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: