Solved: AnyConnect sending but not receiving traffic

RonaldNutter · ‎10-17-2012

I am working on setting up AnyConnect from scratch. I have been using DOC ID 99756 as a base to work from.

I am using an ASA that currently doesnt have NAT in place and at this point, will only be used as a VPN Termination device.

I can connect and authenticate with AnyConnect without any problems. I am unable to see anything on the inside of the ASA.

I also dont have any firewall rules in place since I am not using this device as a firewall but just as a vpn termination point.

My gut feeling is that someting in the nat config is possibly causing the problem. Here are the nat portion of the config I have in place -

access-list no_nat extended permit ip 10.34.250.0 255.255.255.0 10.34.110.0 255.255.255.0

access-list no_nat extended permit ip 10.34.110.0 255.255.255.0 10.34.250.0 255.255.255.0

nat (Inside) 0 access-list no_nat

Any suggestions on how to troubleshoot this ? Everything I have tried so far hasnt helped or shown me where to look for the problem.

I have also made sure that the laptop I am working on has windows firewall disabled to make sure that isnt some or all of the problem.

Thanks,

Ron

Javier Portuguez · ‎10-19-2012

Ronald,

Thanks for adding the "show ip route" output:

Please make the following change:

no ip route 10.34.250.0 255.255.255.0 10.34.250.1

ip route 10.34.250.0 255.255.255.0 1 10.34.110.1 name DMZ-ASA

This should fix it.

Please rate any helpful posts

View solution in original post

Javier Portuguez · ‎10-17-2012

Hi Ronald,

If you do not have any NAT rules, then you probably have "no nat-control" in place.

Could you please provide the ASA´s configuration?

The NAT exempt does not have to include bidirectional traffic, only from inside to VPN pool.

Action Plan:

Please provide the config and I will let you know how to proceed further.

Thanks.

Portu.

Pleae rate any helpful posts

RonaldNutter · ‎10-18-2012

Here is the config that I am using. Thought it might be a routing issue so I tried enabling a routing protocol on the ASA but to no avail. Thanks for your help on this. Probably will be something simple.

Ron

--------------------------------------------------------------------------------

ASA Version 8.2(5)

!

hostname DMZ-ASA

names

name 10.34.250.0 SSLVPN

name 10.34.110.0 Inside-Net

!

interface Ethernet0/0

speed 100

duplex full

no nameif

no security-level

no ip address

!

interface Ethernet0/0.2

vlan 2

nameif Outside1

security-level 0

ip address 68.70.82.60 255.255.255.248

!

interface Ethernet0/0.3

vlan 3

nameif Outside2

security-level 0

ip address 66.250.241.176 255.255.255.192

!

interface Ethernet0/1

speed 100

duplex full

nameif Inside

security-level 100

ip address 10.34.110.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

boot system disk0:/asa825-k8.bin

ftp mode passive

same-security-traffic permit intra-interface

access-list no_nat extended permit ip Inside-Net 255.255.255.0 SSLVPN 255.255.255.0

pager lines 24

logging enable

logging timestamp

logging buffer-size 128000

logging buffered informational

logging asdm informational

mtu Outside1 1500

mtu Outside2 1500

mtu Inside 1500

mtu management 1500

ip local pool SSLClientPool 10.34.250.1-10.34.250.25 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

icmp permit any Inside

asdm image disk0:/asdm-621.bin

no asdm history enable

arp timeout 14400

nat (Inside) 0 access-list no_nat

route Outside1 0.0.0.0 0.0.0.0 68.70.82.57 254

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto ca trustpoint localtrust

enrollment self

fqdn sslvpn.mydomain.com

subject-name CN=sslvpn.mydomain.com

keypair sslvpnkeypair

crl configure

crypto ca certificate chain localtrust

certificate ccfc7c50

408201e7 40820150 a0030201 020204cc fc7c5030 0d06092a 864886f7 0d010105

05003038 31173015 06035504 03130e73 736c7670 6e2e6276 742e636f 6d311d30

1b06092a 864886f7 0d010902 160e7373 6c76706e 2e627674 2e636f6d 301e170d

31323130 31363036 32343330 5a170d32 32313031 34303632 3433305a 30383117

30150603 55040313 0e73736c 76706e2e 6276742e 636f6d31 1d301b06 092a8648

86f70d01 0902160e 73736c76 706e2e62 76742e63 6f6d3081 9f300d06 092a8648

86f70d01 01010500 03818d00 30818902 818100aa 1106fbee c0051b4d 8fc7c3c8

63d35cb3 40d817e0 55368104 f4b2be70 c214e1d9 97b38796 e083cef2 b87f7586

71f931e7 8855425b 0f115c3d cbc33353 d13ce613 e4a2fef5 04feb1ce a9d94d2b

721d2556 3e6ec2c0 81e97d1e c3907467 82635ba3 ea192934 ebf8bd1a 0716b355

40c4ee4a dd3ba079 6e9aeb4c f8c7fddd 19b20d02 03010001 300d0609 2a864886

f70d0101 05050003 81810069 429532db f0092d62 a66f00ae 8ac7b02d d3e65155

29d8b43e 229107d1 aa466224 d13807a8 bbb3ccda 5c1e6903 dee35f7f 4433cf2b

54387314 993f0987 4e6e875a 6b5ce306 232ae982 08fe06bd 1d7c89f3 ae36a9d6

0b56b826 ee36edd8 65591623 92d445b8 a5a935f3 243bed4e fa402994 f0d4420b

eeb09bd5 42674f48 f110c4

quit

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ssl trust-point localtrust Outside1

webvpn

enable Outside1

anyconnect-essentials

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy SSLClientPolicy internal

group-policy SSLClientPolicy attributes

dns-server value 8.8.8.8

vpn-tunnel-protocol svc

default-domain value ssl.mydomain.com

address-pools value SSLClientPool

username admin password vj2PnQN8YQIJJnaR encrypted privilege 15

username user1 password B3jdacoKxFXbMTKT encrypted

username user1 attributes

service-type remote-access

tunnel-group SSLClientProfile type remote-access

tunnel-group SSLClientProfile general-attributes

default-group-policy SSLClientPolicy

tunnel-group SSLClientProfile webvpn-attributes

group-alias SSLVPNCient enable

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:498b61fa2508a0f545671595fd697416

: end

DMZ-ASA#

Javier Portuguez · ‎10-19-2012

Hi Ronald,

I am sorry for any delay

Please check this out:

Current configuration:

name 10.34.250.0 SSLVPN

name 10.34.110.0 Inside-Net

!

ip local pool SSLClientPool 10.34.250.1-10.34.250.25 mask 255.255.255.0

!

tunnel-group SSLClientProfile type remote-access

tunnel-group SSLClientProfile general-attributes

default-group-policy SSLClientPolicy

tunnel-group SSLClientProfile webvpn-attributes

group-alias SSLVPNCient enable

!

group-policy SSLClientPolicy internal

group-policy SSLClientPolicy attributes

dns-server value 8.8.8.8

vpn-tunnel-protocol svc

default-domain value ssl.mydomain.com

address-pools value SSLClientPool

!

nat (Inside) 0 access-list no_nat

!

access-list no_nat extended permit ip Inside-Net 255.255.255.0 SSLVPN 255.255.255.0

!

Action plan:

access-list SSLClientPolicy_Split permit 10.34.110.0 255.255.255.0

!

group-policy SSLClientPolicy attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value SSLClientPolicy_Split

!

policy-map global_policy

class inspection_default

inspect icmp

!

management-access inside

* Once connected the first IP you must try to ping is the inside IP of the ASA.

Let me know the results.

Portu.

Please rate any helpful posts

RonaldNutter · ‎10-19-2012

Thanks for the reply. I can see you have specified a split tunnel configuration. The problem I am having is talking to any device on the inside of the firewall when I am coming from the internet and connecting via AnyConnect.

For the purposes i am working under, I want the remote user to have all traffic come through the ASA and only be able to talk to what is behind the ASA on the inside interface while they are connected.

I can connect to the ASA via AnyConnect but not able to telnet/ssh/ping to anything on the inside interface.

Ron

RonaldNutter · ‎10-19-2012

Just tried the config, I can get to the outside world while the anyconnect client is connected which is what I dont want the user to be able to do. Still unable to get to any resources on the inside of the firewall while coming from the outside.

While on a VPN connection coming from the outside, I should get an ip address in the 10.34.250.x range and I do. While on a VPN connection using the configuration I have listed here, I cant access anything on the 10.34.110.x inside interface (I have a SSH/telnet host connected to the inside interface). I cant ping the inside interface or the SSH/Telnet host.

When I access the ASA from the Console server it is connected to, I have no problems in pinging the host at 10.34.110.2, so that would indicate that there isnt a routing problem between the ASA inside interface and the SSH/Telnet host also connected to the inside interface.

Ron

Javier Portuguez · ‎10-19-2012

Ron,

Did you add the "management-access Inside" command?

Please set the logs to debbuging:

logging buffered debugging

Try to access the inside and issue:

show log | inc vpn_client_IP

Thanks.

RonaldNutter · ‎10-19-2012

I put the management-access inside back into my configuration from what you sent but that is all that I put back. Here is the output of what you asked me to run. I dont see it declining any traffic. I was trying to ping 10.34.110.2.

DMZ-ASA# sh log | inc 68.70.82.59

Oct 19 2012 12:31:41: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:41: %ASA-6-302013: Built inbound TCP connection 643 for Outside1:68.70.82.59/4922 (68.70.82.59/4922) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:41: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/4922 for TLSv1 session.

Oct 19 2012 12:31:41: %ASA-7-725008: SSL client Outside1:68.70.82.59/4922 proposes the following 8 cipher(s).

Oct 19 2012 12:31:41: %ASA-7-725012: Device chooses cipher : RC4-SHA for the SSL session with client Outside1:68.70.82.59/4922

Oct 19 2012 12:31:41: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/4922

Oct 19 2012 12:31:41: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/4922 terminated.

Oct 19 2012 12:31:41: %ASA-6-302014: Teardown TCP connection 643 for Outside1:68.70.82.59/4922 to identity:68.70.82.60/443 duration 0:00:00 bytes 641 TCP Reset-I

Oct 19 2012 12:31:41: %ASA-7-609002: Teardown local-host Outside1:68.70.82.59 duration 0:00:00

Oct 19 2012 12:31:41: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:41: %ASA-6-302013: Built inbound TCP connection 644 for Outside1:68.70.82.59/63587 (68.70.82.59/63587) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:41: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/63587 for TLSv1 session.

Oct 19 2012 12:31:41: %ASA-6-725003: SSL client Outside1:68.70.82.59/63587 request to resume previous session.

Oct 19 2012 12:31:41: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/63587

Oct 19 2012 12:31:41: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/63587 terminated.

Oct 19 2012 12:31:41: %ASA-6-302014: Teardown TCP connection 644 for Outside1:68.70.82.59/63587 to identity:68.70.82.60/443 duration 0:00:00 bytes 427 TCP FINs

Oct 19 2012 12:31:41: %ASA-7-609002: Teardown local-host Outside1:68.70.82.59 duration 0:00:00

Oct 19 2012 12:31:41: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:41: %ASA-6-302013: Built inbound TCP connection 645 for Outside1:68.70.82.59/35592 (68.70.82.59/35592) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:41: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/35592 for TLSv1 session.

Oct 19 2012 12:31:41: %ASA-6-725003: SSL client Outside1:68.70.82.59/35592 request to resume previous session.

Oct 19 2012 12:31:41: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/35592

Oct 19 2012 12:31:41: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/35592 terminated.

Oct 19 2012 12:31:41: %ASA-6-302014: Teardown TCP connection 645 for Outside1:68.70.82.59/35592 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:41: %ASA-7-609002: Teardown local-host Outside1:68.70.82.59 duration 0:00:00

Oct 19 2012 12:31:41: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:41: %ASA-6-302013: Built inbound TCP connection 646 for Outside1:68.70.82.59/41351 (68.70.82.59/41351) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:41: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/41351 for TLSv1 session.

Oct 19 2012 12:31:41: %ASA-6-725003: SSL client Outside1:68.70.82.59/41351 request to resume previous session.

Oct 19 2012 12:31:41: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/41351

Oct 19 2012 12:31:41: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/41351 terminated.

Oct 19 2012 12:31:41: %ASA-6-302014: Teardown TCP connection 646 for Outside1:68.70.82.59/41351 to identity:68.70.82.60/443 duration 0:00:00 bytes 1126 TCP FINs

Oct 19 2012 12:31:41: %ASA-7-609002: Teardown local-host Outside1:68.70.82.59 duration 0:00:00

Oct 19 2012 12:31:44: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 647 for Outside1:68.70.82.59/28246 (68.70.82.59/28246) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/28246 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/28246 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/28246

Oct 19 2012 12:31:44: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/28246 terminated.

Oct 19 2012 12:31:44: %ASA-6-302014: Teardown TCP connection 647 for Outside1:68.70.82.59/28246 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:44: %ASA-7-609002: Teardown local-host Outside1:68.70.82.59 duration 0:00:00

Oct 19 2012 12:31:44: %ASA-7-609001: Built local-host Outside1:68.70.82.59

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 648 for Outside1:68.70.82.59/13221 (68.70.82.59/13221) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/13221 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/13221 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/13221

Oct 19 2012 12:31:44: %ASA-7-734003: DAP: User rnutter, Addr 68.70.82.59: Session Attribute aaa.cisco.grouppolicy = SSLClientPolicy

Oct 19 2012 12:31:44: %ASA-7-734003: DAP: User rnutter, Addr 68.70.82.59: Session Attribute aaa.cisco.username = rnutter

Oct 19 2012 12:31:44: %ASA-7-734003: DAP: User rnutter, Addr 68.70.82.59: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile

Oct 19 2012 12:31:44: %ASA-6-734001: DAP: User rnutter, Addr 68.70.82.59, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy

Oct 19 2012 12:31:44: %ASA-6-716001: Group User IP <68.70.82.59> WebVPN session started.

Oct 19 2012 12:31:44: %ASA-6-716038: Group User IP <68.70.82.59> Authentication: successful, Session Type: WebVPN.

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 649 for Outside1:68.70.82.59/23402 (68.70.82.59/23402) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/23402 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/23402 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/23402

Oct 19 2012 12:31:44: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/23402 terminated.

Oct 19 2012 12:31:44: %ASA-6-302014: Teardown TCP connection 649 for Outside1:68.70.82.59/23402 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 650 for Outside1:68.70.82.59/31891 (68.70.82.59/31891) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/31891 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/31891 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/31891

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 651 for Outside1:68.70.82.59/62280 (68.70.82.59/62280) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/62280 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/62280 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/62280

Oct 19 2012 12:31:44: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/62280 terminated.

Oct 19 2012 12:31:44: %ASA-6-302014: Teardown TCP connection 651 for Outside1:68.70.82.59/62280 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 652 for Outside1:68.70.82.59/32681 (68.70.82.59/32681) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/32681 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/32681 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/32681

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 653 for Outside1:68.70.82.59/13094 (68.70.82.59/13094) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/13094 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/13094 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/13094

Oct 19 2012 12:31:44: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/13094 terminated.

Oct 19 2012 12:31:44: %ASA-6-302014: Teardown TCP connection 653 for Outside1:68.70.82.59/13094 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:44: %ASA-6-302013: Built inbound TCP connection 654 for Outside1:68.70.82.59/17201 (68.70.82.59/17201) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:44: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/17201 for TLSv1 session.

Oct 19 2012 12:31:44: %ASA-6-725003: SSL client Outside1:68.70.82.59/17201 request to resume previous session.

Oct 19 2012 12:31:44: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/17201

Oct 19 2012 12:31:45: %ASA-6-302013: Built inbound TCP connection 655 for Outside1:68.70.82.59/1623 (68.70.82.59/1623) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:45: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/1623 for TLSv1 session.

Oct 19 2012 12:31:45: %ASA-7-725008: SSL client Outside1:68.70.82.59/1623 proposes the following 8 cipher(s).

Oct 19 2012 12:31:45: %ASA-7-725012: Device chooses cipher : RC4-SHA for the SSL session with client Outside1:68.70.82.59/1623

Oct 19 2012 12:31:45: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/1623

Oct 19 2012 12:31:45: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/1623 terminated.

Oct 19 2012 12:31:45: %ASA-6-302014: Teardown TCP connection 655 for Outside1:68.70.82.59/1623 to identity:68.70.82.60/443 duration 0:00:00 bytes 641 TCP Reset-I

Oct 19 2012 12:31:47: %ASA-6-302013: Built inbound TCP connection 656 for Outside1:68.70.82.59/44849 (68.70.82.59/44849) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:47: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/44849 for TLSv1 session.

Oct 19 2012 12:31:47: %ASA-6-725003: SSL client Outside1:68.70.82.59/44849 request to resume previous session.

Oct 19 2012 12:31:47: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/44849

Oct 19 2012 12:31:47: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/44849 terminated.

Oct 19 2012 12:31:47: %ASA-6-302014: Teardown TCP connection 656 for Outside1:68.70.82.59/44849 to identity:68.70.82.60/443 duration 0:00:00 bytes 126 TCP Reset-I

Oct 19 2012 12:31:47: %ASA-6-302013: Built inbound TCP connection 657 for Outside1:68.70.82.59/59979 (68.70.82.59/59979) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:47: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/59979 for TLSv1 session.

Oct 19 2012 12:31:47: %ASA-6-725003: SSL client Outside1:68.70.82.59/59979 request to resume previous session.

Oct 19 2012 12:31:47: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/59979

Oct 19 2012 12:31:49: %ASA-6-302013: Built inbound TCP connection 658 for Outside1:68.70.82.59/3312 (68.70.82.59/3312) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:49: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/3312 for TLSv1 session.

Oct 19 2012 12:31:49: %ASA-7-725008: SSL client Outside1:68.70.82.59/3312 proposes the following 6 cipher(s).

Oct 19 2012 12:31:49: %ASA-7-725012: Device chooses cipher : RC4-SHA for the SSL session with client Outside1:68.70.82.59/3312

Oct 19 2012 12:31:49: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/3312

Oct 19 2012 12:31:49: %ASA-4-722041: TunnelGroup GroupPolicy User IP <68.70.82.59> No IPv6 address available for SVC connection

Oct 19 2012 12:31:49: %ASA-5-722033: Group User IP <68.70.82.59> First TCP SVC connection established for SVC session.

Oct 19 2012 12:31:49: %ASA-6-722022: Group User IP <68.70.82.59> TCP SVC connection established without compression

Oct 19 2012 12:31:49: %ASA-4-722051: Group User IP <68.70.82.59> Address <10.34.250.1> assigned to session

Oct 19 2012 12:31:49: %ASA-6-734001: DAP: User rnutter, Addr 68.70.82.59, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy

Oct 19 2012 12:31:51: %ASA-6-302015: Built inbound UDP connection 659 for Outside1:68.70.82.59/1722 (68.70.82.59/1722) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:31:51: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/1722 for DTLSv1 session.

Oct 19 2012 12:31:51: %ASA-6-725003: SSL client Outside1:68.70.82.59/1722 request to resume previous session.

Oct 19 2012 12:31:51: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/1722

Oct 19 2012 12:31:52: %ASA-6-302014: Teardown TCP connection 657 for Outside1:68.70.82.59/59979 to identity:68.70.82.60/443 duration 0:00:04 bytes 1466 TCP Reset-O

Oct 19 2012 12:31:52: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/59979 terminated.

Oct 19 2012 12:32:31: %ASA-6-302016: Teardown UDP connection 659 for Outside1:68.70.82.59/1722 to identity:68.70.82.60/443 duration 0:00:40 bytes 55351

Oct 19 2012 12:32:31: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/1722 terminated.

Oct 19 2012 12:32:31: %ASA-6-302015: Built inbound UDP connection 674 for Outside1:68.70.82.59/11181 (68.70.82.59/11181) to identity:68.70.82.60/443 (68.70.82.60/443)

Oct 19 2012 12:32:31: %ASA-6-725001: Starting SSL handshake with client Outside1:68.70.82.59/11181 for DTLSv1 session.

Oct 19 2012 12:32:31: %ASA-6-725003: SSL client Outside1:68.70.82.59/11181 request to resume previous session.

Oct 19 2012 12:32:31: %ASA-6-725002: Device completed SSL handshake with client Outside1:68.70.82.59/11181

Oct 19 2012 12:32:31: %ASA-5-722033: Group User IP <68.70.82.59> First UDP SVC connection established for SVC session.

Oct 19 2012 12:32:31: %ASA-6-722022: Group User IP <68.70.82.59> UDP SVC connection established without compression

Oct 19 2012 12:32:46: %ASA-6-302014: Teardown TCP connection 648 for Outside1:68.70.82.59/13221 to identity:68.70.82.60/443 duration 0:01:01 bytes 1452 Connection timeout

Oct 19 2012 12:32:46: %ASA-6-302014: Teardown TCP connection 650 for Outside1:68.70.82.59/31891 to identity:68.70.82.60/443 duration 0:01:01 bytes 8373 Connection timeout

Oct 19 2012 12:32:46: %ASA-6-302014: Teardown TCP connection 652 for Outside1:68.70.82.59/32681 to identity:68.70.82.60/443 duration 0:01:01 bytes 352 Connection timeout

Oct 19 2012 12:32:46: %ASA-6-302014: Teardown TCP connection 654 for Outside1:68.70.82.59/17201 to identity:68.70.82.60/443 duration 0:01:01 bytes 426 Connection timeout

Oct 19 2012 12:32:46: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/13221 terminated.

Oct 19 2012 12:32:46: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/31891 terminated.

Oct 19 2012 12:32:46: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/32681 terminated.

Oct 19 2012 12:32:46: %ASA-6-725007: SSL session with client Outside1:68.70.82.59/17201 terminated.

Oct 19 2012 12:33:21: %ASA-7-722029: Group User IP <68.70.82.59> SVC Session Termination: Conns: 2, DPD Conns: 0, Comp resets: 0, Dcmp resets: 0.

Oct 19 2012 12:33:21: %ASA-7-722030: Group User IP <68.70.82.59> SVC Session Termination: In: 78610 (+1604) bytes, 942 (+26) packets, 0 drops.

Oct 19 2012 12:33:21: %ASA-7-722031: Group User IP <68.70.82.59> SVC Session Termination: Out: 732 (+1502) bytes, 1 (+18) packets, 0 drops.