08-31-2012 11:10 PM
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3293 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3293 request to resume previous session.
%ASA-6-725002: Device completed SSL handshake with client outside:58.211.122.212/3293
%ASA-6-113012: AAA user authentication Successful : local database : user = admin
%ASA-6-113009: AAA retrieved default group policy (SSLCLientPolicy) for user = admin
%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.grouppolicy = SSLCLientPolicy
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.username = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile
%ASA-6-734001: DAP: User admin, Addr 58.211.122.212, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
%ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
%ASA-6-302013: Built inbound TCP connection 137616 for outside:58.211.122.212/3294 (58.211.122.212/3294) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-302013: Built inbound TCP connection 137617 for outside:58.211.122.212/3295 (58.211.122.212/3295) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3294 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3294 request to resume previous session.
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3295 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3295 request to resume previous session.
What is the reason for the error in red? It only appears on the Windows 2003 server.
09-01-2012 12:15 AM
You probably have this in your config:
group-policy SSLCLientPolicy attributes
vpn-simultaneous-logins 2
And the two allowed simultaneous logins are reached. Either use a different username or increase this limit.
EDIT:
I just saw in your config that the above is *not* the reason! You don't have a license to use more than two SSL sessions. For that you need the AnyConnect Premium or the AnyConnect Essentials license. Neither is applied to the ASA.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-01-2012 12:29 AM
thanks !!!
but......
Fault: the old way
Logging: the old way
09-01-2012 09:03 PM
ciscoasa# show activation-key
Serial Number: JMX1314Z1UV
Running Activation Key: 0x9625fa6a 0x68e90200 0x38c3adac 0xaa0448d0 0x4b3815b6
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
The flash activation key is the SAME as the running key.
ciscoasa#
Are you sure it was a license question?
09-02-2012 12:17 PM
Hello Shikun,
Here is the thing that Karsten is telling you:
SSL VPN Peers : 2
This means that there can be only two SSL sessions to your ASA, until one of them gets closed you could initiate a new session.
You can disconnect all the sessions and give it a try to see it working.
Command to check how many SSL sessions exist to our ASA:
sh vpn-sessiondb webvpn
Command to clear the current SSL session on our ASA:
vpn-sessiondb logoff webvpn
Regards,
Julio
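An added example, not part of any post in this thread: a Python sketch that pulls the `%ASA-4-716023` events out of a syslog capture and lists which limits (the licensed `SSL VPN Peers` count, or a `vpn-simultaneous-logins` value you pass in) equal the number in the message. The sample input is constructed from lines quoted above, the function names are hypothetical, and a matching number is a hint, not proof of the cause.

```python
import re

# Constructed sample input, modelled on lines quoted in this thread.
SYSLOG = """\
%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
"""
ACTIVATION_KEY = """\
Inside Hosts : 10
SSL VPN Peers : 2
Total VPN Peers : 10
AnyConnect Essentials : Disabled
"""

LIMIT_RE = re.compile(
    r"%ASA-\d-716023: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> "
    r"IP <(?P<ip>[^>]*)> Session could not be established: "
    r"session limit of (?P<limit>\d+) reached")
FEATURE_RE = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>.+?)\s*$")


def parse_features(text):
    """Map feature name -> value from 'show activation-key' output."""
    return {m["name"]: m["value"]
            for m in map(FEATURE_RE.match, text.splitlines()) if m}


def explain_limit_events(syslog, activation_key, policy_logins=None):
    """Return one dict per 716023 event, listing which known limits equal
    the number in the message. policy_logins is the group policy's
    vpn-simultaneous-logins value, if the caller knows it (assumption:
    read by hand from the running config)."""
    peers = parse_features(activation_key).get("SSL VPN Peers", "")
    licensed = int(peers) if peers.isdigit() else None
    events = []
    for line in syslog.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue
        limit = int(m["limit"])
        hints = []
        if limit == licensed:
            hints.append("license: SSL VPN Peers")
        if limit == policy_logins:
            hints.append("group-policy: vpn-simultaneous-logins")
        events.append({**m.groupdict(), "limit": limit, "hints": hints})
    return events


if __name__ == "__main__":
    for event in explain_limit_events(SYSLOG, ACTIVATION_KEY):
        print(event)
```

When both hints come back, as they would here with `policy_logins=2`, the message alone cannot tell the two causes apart and the session database has to be checked as well.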
09-03-2012 07:22 PM
Command to check how many SSL sessions exist to our ASA:
sh vpn-sessiondb webvpn
ciscoasa# show vpn-sessiondb webvpn
INFO: There are presently no active sessions
ciscoasa# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: aes128-sha1
Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
The use of aes128-sha1 win2003server even web interface are not open!