Cisco AnyConnect web login page: error

ales.krek@snt.si · ‎10-04-2024

Hi.

I have a problem connecting to web login page. When I connect to https://163.159.19.11/CACHE/sdesktop/install/start.htm

Everything is working OK

When I click on Log In I get error:

I checked configuration and it looks fine.

show version:

Cisco Adaptive Security Appliance Software Version 9.20(3)
SSP Operating System Version 2.14(2.106)
Device Manager Version 7.20(2)

Compiled on Wed 31-Jul-24 00:50 GMT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.14.2.106.SPA"
Config file at boot was "startup-config"

zel-asa-vpn-fw-1 up 13 days 20 hours
Start-up time 2 mins 35 secs

Hardware: FPR-2120, 6572 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)

1: Int: Internal-Data0/1 : address is 000f.b748.4801, irq 0
3: Ext: Management1/1 : address is 4874.10b6.3b81, irq 0
4: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 3500
AnyConnect Essentials : Disabled
Other VPN Peers : 3500
Total VPN Peers : 3500
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 8000
Cluster : Disabled

Serial Number: FJZ2833W7M7
Configuration last modified by enable_15 at 08:57:24.620 UTC Fri Oct 4 2024

show run web:

webvpn
enable outside tls-only
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
no enable
x-content-type-options
x-xss-protection
content-security-policy
hostscan image disk0:/hostscan_4.10.08029-k9.pkg
hostscan enable
anyconnect image disk0:/anyconnect-macos-4.10.08029-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux64-4.10.08029-webdeploy-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.10.08029-webdeploy-k9.pkg 3
anyconnect profiles zNET_AC_Profile_client_profile disk0:/znet_ac_profile_client_profile.xml
anyconnect profiles zNET_NIJZ disk0:/znet_nijz.xml
anyconnect profiles zNET_VPN_MGMT disk0:/znet_vpn_mgmt.xml
anyconnect profiles zNET_dostop_do_LAN disk0:/znet_dostop_do_lan.xml
anyconnect profiles zNET_zasebnik disk0:/znet_zasebnik.xml
anyconnect enable
tunnel-group-list enable

Thank you for your help in advance.

Regards, Aleš Krek.

balaji.bandi · ‎10-04-2024

You gettting 404 error, can you run the debug on the ASA and check what causing the issue. (debug webvpn)

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-gateway.html

https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ales.krek@snt.si · ‎10-09-2024

Thank you for reply. I run the debug command but there's no output regarding web page error.

The configuration seams fine. I imported (copy paste, section by section) configuration from previous device. Only change is in ASA version. Previous was 9.12.XY and now is 9.20(3).

Regards, Aleš Krek.

ales.krek@snt.si · ‎10-15-2024

I did the work around. For every client VPN group I enabled url and disabled default landing page. Now it works.

balaji.bandi · ‎10-16-2024

glad you know you able to make some fix.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help