12-04-2013 01:35 PM
Hello,
I have created an SSL VPN using SVC on a 2921, and here is my current issue. When I browse to the web site and log in, it is successful and also installs the AnyConnect client and connects. At that point all works successfully. When you disconnect and try to connect again by typing the IP address into AnyConnect, it states "connection failed". If I try another machine with AnyConnect already installed, I get a message "invalid cert and connection failed". Below is the configuration for the SSL VPN. I am using a self-signed cert, which has to be for this DR site at the current time. Any help is appreciated. Thanks.
aaa authentication login uservpn local
!
crypto pki trustpoint TP-self-signed-2519532865
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2519532865
revocation-check none
rsakeypair TP-self-signed-2519532865
!
!
crypto pki certificate chain TP-self-signed-2519532865
certificate self-signed 01
quit
!
ip local pool uservpn 192.168.201.200 192.168.201.250
!
ip access-list extended outside-in
permit tcp any host x.x.x.x eq 443 www
permit udp any host x.x.x.x eq 443 80
!
!
webvpn gateway VANCISCO2921DR-GATEWAY
ip address x.x.x.x port 443
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint TP-self-signed-2519532865
inservice
!
webvpn install svc flash0:/webvpn/anyconnect-win-3.1.04072-k9.pkg sequence 1
!
webvpn context Cisco-WEBVPN
title "DR VPN Access to Vancouver"
ssl authenticate verify all
!
acl "ssl-acl"
permit ip 192.168.201.0 0.0.0.255 10.2.1.0 0.0.0.255
permit ip 192.168.201.0 0.0.0.255 10.2.2.0 0.0.0.255
permit ip 192.168.201.0 0.0.0.255 10.2.3.0 0.0.0.255
permit ip 192.168.201.0 0.0.0.255 10.2.4.0 0.0.0.255
permit ip 192.168.201.0 0.0.0.255 10.2.5.0 0.0.0.255
!
login-message "DR VPN Access to Vancouver"
!
policy group webvpnpolicy
functions svc-required
filter tunnel ssl-acl
svc address-pool "uservpn"
svc rekey method new-tunnel
svc split include 10.2.1.0 255.255.255.0
svc split include 10.2.2.0 255.255.255.0
svc split include 10.2.3.0 255.255.255.0
svc split include 10.2.4.0 255.255.255.0
svc split include 10.2.5.0 255.255.255.0
default-group-policy webvpnpolicy
aaa authentication list uservpn
gateway VANCISCO2921DR-GATEWAY
max-users 2
inservice
!
12-06-2013 09:34 PM
For AnyConnect users, the following user error message is seen:
"Connection attempt has failed due to server communication errors. Please retry the connection"
The AnyConnect event log will show the following error message snippet:
Function: ConnectIfc::connect
Invoked Function: ConnectIfc::handleRedirects
Description: CONNECTIFC_ERROR_HTTP_MAX_REDIRS_EXCEEDED
Cisco is still finding answers and there is no fix for it yet.