Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1693
Views
0
Helpful
1
Replies

Anyconnect SSL VPN Authentication Feilure

ifabrizio
Level 3
Level 3

‎12-27-2012 02:32 AM - edited ‎02-21-2020 06:34 PM

Dear All,

I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.

All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.

So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa

Then I have change the provile XML file of my anyconnect in this way:

<HostEntry>

            <HostName>myasa</HostName>

            <HostAddress>xxx.xxx.xxx.xxx</HostAddress>

        <PrimaryProtocol>SSL</PrimaryProtocol>       

Then I installed the certificate on my Win7 Pc in the Trusted Root Certification Authority.

The result of all my changes is that now the login fail! Someone could help me pls?

webvpn_allocate_auth_struct: net_handle = DA0C3608

webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]

webvpn_portal.c:webvpn_login_validate_net_handle[2234]

webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]

webvpn_portal.c:webvpn_login_assign_app_next[2272]

webvpn_portal.c:webvpn_login_cookie_check[2289]

webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]

webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]

webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL

webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]

webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]

webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]

webvpn_login_resolve_tunnel_group: tgCookie = NULL

webvpn_login_resolve_tunnel_group: tunnel group name from group list

webvpn_login_resolve_tunnel_group: TG_BUFFER = VPNSSL

webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]

webvpn_portal.c:webvpn_login_check_cert_status[2733]

webvpn_portal.c:webvpn_login_cert_only[2774]

webvpn_portal.c:webvpn_login_primary_username[2796]

webvpn_portal.c:webvpn_login_primary_password[2878]

webvpn_portal.c:webvpn_login_secondary_username[2910]

webvpn_portal.c:webvpn_login_secondary_password[2988]

webvpn_portal.c:webvpn_login_extra_password[3021]

webvpn_portal.c:webvpn_login_set_cookie_flag[3040]

webvpn_portal.c:webvpn_login_set_auth_group_type[3063]

webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1

webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]

webvpn_portal.c:http_webvpn_kill_cookie[790]

webvpn_auth.c:http_webvpn_pre_authentication[2321]

WebVPN: calling AAA with ewsContext (-636397680) and nh (-636733944)!

webvpn_add_auth_handle: auth_handle = 95

WebVPN: started user authentication...

webvpn_auth.c:webvpn_aaa_callback[5163]

WebVPN: AAA status = (ACCEPT)

webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]

webvpn_portal.c:webvpn_login_validate_net_handle[2234]

webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]

webvpn_portal.c:webvpn_login_assign_app_next[2272]

webvpn_portal.c:webvpn_login_cookie_check[2289]

webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]

webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]

webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL

webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]

webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]

webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]

webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]

webvpn_portal.c:webvpn_login_check_cert_status[2733]

webvpn_portal.c:webvpn_login_cert_only[2774]

webvpn_portal.c:webvpn_login_primary_username[2796]

webvpn_portal.c:webvpn_login_primary_password[2878]

webvpn_portal.c:webvpn_login_secondary_username[2910]

webvpn_portal.c:webvpn_login_secondary_password[2988]

webvpn_portal.c:webvpn_login_extra_password[3021]

webvpn_portal.c:webvpn_login_set_cookie_flag[3040]

webvpn_portal.c:webvpn_login_set_auth_group_type[3063]

webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1

webvpn_portal.c:webvpn_login_aaa_resuming[3093]

webvpn_auth.c:http_webvpn_post_authentication[1485]

WebVPN: user: (fabrizio@mydomain.com) authenticated.

webvpn_auth.c:http_webvpn_auth_accept[2939]

WARNING: CSD is disabled by AnyConnect Essentials license.

webvpn_session.c:http_webvpn_create_session[184]

webvpn_session.c:http_webvpn_find_session[159]

WebVPN session created!

webvpn_session.c:http_webvpn_find_session[159]

webvpn_session.c:http_webvpn_destroy_session[1386]

webvpn_remove_auth_handle: auth_handle = 95

WARNING: CSD is disabled by AnyConnect Essentials license.

WARNING: CSD is disabled by AnyConnect Essentials license.

webvpn_portal.c:webvpn_determine_primary_username[5689]

webvpn_portal.c:webvpn_determine_secondary_username[5758]

webvpn_portal.c:ewaFormServe_webvpn_login[1974]

webvpn_portal.c:http_webvpn_kill_cookie[790]

APP_BUFFER: <option value="VPNSSL" noaaa="0" >dntsbewvpn</option>

webvpn_free_auth_struct: net_handle = DA0C3608

webvpn_allocate_auth_struct: net_handle = DA0C3608

webvpn_free_auth_struct: net_handle = DA0C3608

Labels:
0 Helpful
1 Reply 1

ifabrizio
Level 3
Level 3

‎12-27-2012 06:32 AM

Dear All,

I have found why the authentication was stop to work.

I have lost in the config the command:

svc image disk0:/anyconnect-win-xxxxxk9.pkg 1

Now it works.

Best regards,

Igor.
0 Helpful
Customers Also Viewed These Support Documents