
Anyconnect VPN login failure log?

Joshua Engels
Beginner

Hey guys,

Is there a way to see why a particular user logging into our Anyconnect VPN fails? The logon server is just an LDAP connection to our Active Directory environment. I am troubleshooting a phone VPN connection but have no way of seeing why the connection fails. Do I have to debug or is there a menu in the ASDM that will tell me the failure reason?

Example:  Bad password or username.           

2 REPLIES

andduart
Beginner

Hi,

Did you test this user using the test option in ASDM? You need to go to the server configured and use the test button. If it fails, can you collect some logs?
You can also use "debug ldap 255" in the CLI.

Regards,

Sent from Cisco Technical Support iPhone App

Jatin Katyal
Cisco Employee

If this is happening with just one user, you may need to look at the user properties. Did you check if the user account is locked out on AD?

If you want to debug that specific attempt, then please run "debug ldap 255" and run the below listed command:

test aaa authentication LDAP-GROUP host

username:xxxx

password:xxxx

Get the output.

Also, take a look at LDAP server > Event Viewer and see what error we are getting.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
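
Added example, not part of the original thread and not Cisco tooling: when Active Directory rejects an LDAP bind it returns a diagnostic string with a hexadecimal "data" sub-code that distinguishes a bad password from a locked-out, disabled or expired account. This Python helper decodes those sub-codes from saved debug or server log text; the sample lines are constructed, and it assumes the AD diagnostic string appears in whatever output you captured.

```python
import re

# Active Directory sub-status codes reported in the "data" field of a
# failed LDAP bind (LDAP result code 49, invalid credentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the diagnostic text AD attaches to a rejected bind.
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_bind_failures(text):
    """Return [(subcode, reason), ...] for every AD bind failure in text."""
    results = []
    for line in text.splitlines():
        match = DATA_RE.search(line)
        if match:
            code = match.group(1).lower()
            reason = AD_BIND_SUBCODES.get(code, "unknown sub-code")
            results.append((code, reason))
    return results


# Constructed sample input (not real output from any device or server).
SAMPLE = """\
bind attempt for user1
80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000
bind attempt for user2
80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000
"""

if __name__ == "__main__":
    for code, reason in explain_bind_failures(SAMPLE):
        print(f"data {code}: {reason}")
```
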