AnyConnect VPN setup Connection Failed

neilf_adsi
Level 1

Hi

I've been trying to configure AnyConnect VPN, I've tried using the wizard and also command line, but it will not connect.

I get to a point connecting on my iPhone where it gives me the banner from the group policy and prompts for a username and password. After entering this, it fails to connect. On a Windows 7 PC it just says connection failed.

Can anyone help please?

Thanks

Here's the relevant config bits:

access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group MGT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group PRT_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group SVR_LAN
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group WKSTN_LAN

dynamic-access-policy-record VPN_ANYC_PROD_IT
 description "AnyConnect VPN Client"
 network-acl VPN_AC_ACL
 priority 5
 webvpn
  url-list none
  svc ask none default svc

webvpn
 enable EXT_PUB_INT
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1 regex "Windows NT"
 anyconnect enable
 tunnel-group-list enable

group-policy AnyConnectPolicy internal
group-policy AnyConnectPolicy attributes
 banner value ************* WARNING *************
 banner value Use of this connection is restricted to authorised users only.
 banner value Unauthorised or inappropriate use is prohibited and may be subject to administrative, criminal,
 banner value or civil penalties. This connection is monitored and logged.
 wins-server none
 dns-server value 172.26.4.8 172.26.4.9
 vpn-tunnel-protocol ikev2 ssl-client
 ipsec-udp enable
 ipsec-udp-port 10000
 default-domain value domain.local

tunnel-group AnyConnectGroup type remote-access
tunnel-group AnyConnectGroup general-attributes
 address-pool VPN_CLIENT_USER
 default-group-policy AnyConnectPolicy
tunnel-group AnyConnectGroup webvpn-attributes
 group-alias COMPVPN enable

1 Reply

Please find enclosed a relevant config from a working ASA config

ip local pool DRVPNCLIENT 172.17.32.1-172.17.32.254 mask 255.255.255.0

ssl encryption aes256-sha1 aes128-sha1 3des-sha1
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.06079-k9.pkg 1
 anyconnect image disk0:/anyconnect-win-3.1.05182-k9.pkg 2
 anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
 anyconnect profiles backup-server disk0:/backup-server.xml
 anyconnect enable
 tunnel-group-list enable

group-policy policy4ssl internal
group-policy policy4ssl attributes
 dns-server value 172.17.6.228 172.17.6.220
 vpn-idle-timeout 15
 vpn-filter value pdassl
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 90
 default-domain value <mydomain>
 user-authentication enable
 address-pools value DRVPNCLIENT
 webvpn
  anyconnect keep-installer installed
  anyconnect dpd-interval client 300
  anyconnect dpd-interval gateway 300
  anyconnect profiles value backup-server type user
  anyconnect ask enable default anyconnect timeout 20
  hidden-shares visible
  file-entry enable
  file-browsing enable
  url-entry enable
tunnel-group clientssl type remote-access
tunnel-group clientssl general-attributes
 address-pool DRVPNCLIENT
 authentication-server-group (outside) ACS5RADIUS
 default-group-policy policy4ssl
tunnel-group clientssl webvpn-attributes
 group-alias SSLVPNUSER enable
!
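
A cross-reference check for config excerpts like the two above, added here as an example (it is not code from either poster or from Cisco): it lists the pool, ACL, group-policy and AAA server names that a tunnel group, group policy or DAP record refers to but that are not defined in the pasted text. The command patterns are a subset chosen for this thread, `dangling_refs` and `SAMPLE` are names made up for the example, and a reported name may simply have been left out of an excerpt, so confirm it against the full running-config.

```python
import re

# Constructed sample: a few lines condensed from the question's excerpt above.
SAMPLE = """\
access-list VPN_AC_ACL extended permit ip object-group VPN_CLIENTS object-group MGT_LAN
dynamic-access-policy-record VPN_ANYC_PROD_IT
 network-acl VPN_AC_ACL
group-policy AnyConnectPolicy internal
group-policy AnyConnectPolicy attributes
 vpn-tunnel-protocol ikev2 ssl-client
tunnel-group AnyConnectGroup general-attributes
 address-pool VPN_CLIENT_USER
 default-group-policy AnyConnectPolicy
"""

# Commands that define a named object, and the kind of object defined.
DEFINES = [
    (re.compile(r"ip local pool (\S+)"), "pool"),
    (re.compile(r"access-list (\S+)"), "acl"),
    (re.compile(r"group-policy (\S+) (?:internal|external)"), "group-policy"),
    (re.compile(r"aaa-server (\S+)"), "aaa-server"),
]
# Commands that refer to named objects; everything after the keyword is captured.
REFERS = [
    (re.compile(r"address-pools? (?:value )?(.+)"), "pool"),
    (re.compile(r"(?:network-acl|vpn-filter value|split-tunnel-network-list value) (.+)"), "acl"),
    (re.compile(r"default-group-policy (.+)"), "group-policy"),
    (re.compile(r"authentication-server-group (.+)"), "aaa-server"),
]
BUILTIN = {"none", "LOCAL", "DfltGrpPolicy"}  # keywords and objects that always exist

def dangling_refs(config):
    """Return sorted (kind, name) pairs referenced but not defined in the text."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        for rx, kind in DEFINES:
            if (m := rx.match(line)):
                defined.add((kind, m.group(1)))
        for rx, kind in REFERS:
            if (m := rx.match(line)):
                for name in m.group(1).split():
                    # skip "(outside)"-style interface qualifiers and built-ins
                    if name not in BUILTIN and not name.startswith("("):
                        referenced.add((kind, name))
    return sorted(referenced - defined)

if __name__ == "__main__":
    for kind, name in dangling_refs(SAMPLE):
        print(f"{kind} '{name}' is referenced but not defined in this text")
```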