
Cisco ASA 5505

Rodolfo Valle
Level 1

I currently have a Cisco ASA 5505 and I'm having problems because my users can't connect. Cisco can't assist me because my warranty contract has expired. Is there anyone who can help me, please?

Thanks in advance.


JP Miranda Z
Cisco Employee

Hello r_valle86,

What error are your users getting? Are they connecting with AnyConnect or the IPsec client?

With a bit more information about the problem, I'll gladly help you.

-JP-

Sure.

I'm making the connection with AnyConnect. For now I tried to configure it using the Cisco manuals. When I'm inside my network and try to connect to the Cisco, everything is fine; in fact, by IP it downloads the AnyConnect installer for me. But when I do it from home or from outside, the ASA's public IP doesn't respond to ping. I enter it in the browser and I get a page that has expired. In short, it doesn't connect.

In ASDM I did this, but without success... images attached.

If you could share the webvpn configuration, I'll gladly help you:

sh run webvpn

-JP-

User Access Verification

Password:
Type help or '?' for a list of available commands.
ciscoasa> en
ciscoasa> enable
Password:
ciscoasa# shu
ciscoasa# shun run
ciscoasa# shun run web
ciscoasa# shun run web
^
ERROR: % Invalid Hostname
ciscoasa# shun run webv
ciscoasa# shun run webv
^
ERROR: % Invalid Hostname
ciscoasa#
ciscoasa# sh run web
ciscoasa# sh run webvpn
webvpn
enable outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
tunnel-group-list enable
ciscoasa# ciscoasa# sh run webvpn
^

^

r_valle86

Considering that you can use AnyConnect when you are internal, the configuration you shared doesn't show that: when you use the command enable outside, it means that webvpn will only work when accessed through the outside interface, or from outside your network.

When you try to connect, does AnyConnect ask you to authenticate or does it fail immediately?

If you could share this information, I can check whether it's a configuration problem:

sh run tunnel-group

sh run group-policy

Only the ones that were created for AnyConnect.

Regards,

-JP-

Well, I do it according to the procedure, but the truth is that when I type the ASA's public IP in the browser to download AnyConnect, it automatically doesn't connect, or I get an expired page.

In this case, to get in you need to put https:// at the beginning. To verify what the problem is, you can enable logs to see what the ASA does with the traffic, or whether it actually receives it:

logging buffer enable

logging buffered 7

logging buffer-size <>

To search the logs you can use the following:

sh log | inc 443

-JP-
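
As an added example (not part of the original thread and not Cisco code), the log-filtering step above can also be done offline on a saved copy of the buffer. This Python script parses to-the-box messages in the `%ASA-7-7100xx` format and keeps only TCP traffic to port 443 on the outside interface, which a plain text match on 443 cannot tell apart from other ports containing those digits. The sample lines and addresses are constructed, and matching the service by the name `https` as well as `443` is an assumption.

```python
import re
from collections import Counter

# To-the-box message layout, e.g.:
#   %ASA-7-710005: UDP request discarded from SRC/PORT to IFACE:DST/PORT
LINE = re.compile(
    r"%ASA-\d-(?P<msgid>\d{6}): (?P<proto>TCP|UDP) (?P<action>.+?) from "
    r"(?P<src>[\d.]+)/(?P<sport>\w+) to "
    r"(?P<iface>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\w+)"
)

def parse(line):
    """Return the fields of one buffer line, or None if it does not parse
    (for example a line truncated when the buffer wrapped)."""
    m = LINE.search(line)
    return m.groupdict() if m else None

def https_to_interface(lines, iface="outside", services=("443", "https")):
    """Keep only TCP events whose destination is the given interface and
    whose destination service is exactly HTTPS."""
    hits = []
    for line in lines:
        ev = parse(line)
        if (ev and ev["proto"] == "TCP" and ev["iface"] == iface
                and ev["dport"] in services):
            hits.append(ev)
    return hits

def summarize(lines, iface="outside"):
    """Count (source address, action) pairs for HTTPS reaching the interface.
    An empty result means no such traffic was logged at all."""
    return Counter((ev["src"], ev["action"])
                   for ev in https_to_interface(lines, iface))

# Constructed sample buffer (documentation addresses, not from the thread).
SAMPLE = [
    "%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137",
    "st discarded from 192.168.1.178/17500 to inside:192.168.1.255/17500",
    "%ASA-7-710005: UDP request discarded from 192.168.1.144/17443 to inside:192.168.1.255/17443",
    "%ASA-7-710002: TCP access permitted from 198.51.100.7/51514 to outside:203.0.113.10/https",
    "%ASA-7-710005: TCP request discarded from 198.51.100.7/51520 to outside:203.0.113.10/443",
]

if __name__ == "__main__":
    for (src, action), count in summarize(SAMPLE).items():
        print(f"{src}: {action} x{count}")
```
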

User Access Verification

Password:
Type help or '?' for a list of available commands.
ciscoasa> en
ciscoasa> enable
Password:
ciscoasa#
ciscoasa# log
ciscoasa# logo
ciscoasa# logg
ciscoasa# logging bu
ciscoasa# logging buf
ciscoasa# logging buffe
ciscoasa# logging buffer ena
ciscoasa# logging buffer enable
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# logging buffere
ciscoasa# logging buffered 7
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# sh
ciscoasa# sh lo
ciscoasa# sh log inc
ciscoasa# sh log inc 443
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# log
ciscoasa# logg
ciscoasa# logging en
ciscoasa# logging ena
ciscoasa# logging enable
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# confi
ciscoasa# configure ter
ciscoasa# configure terminal
ciscoasa(config)# logg
ciscoasa(config)# logging en
ciscoasa(config)# logging enable
ciscoasa(config)# logi
ciscoasa(config)# loog
ciscoasa(config)# log
ciscoasa(config)# logg
ciscoasa(config)# logging bug
ciscoasa(config)# logging buf
ciscoasa(config)# logging buffer enERROR: % Ambiguous command: "logging buffer en"
ciscoasa(config)# logging buff
ciscoasa(config)# logging buffer
ciscoasa(config)# logging buffer
ciscoasa(config)# logging buffer enERROR: % Ambiguous command: "logging buffer en"
ciscoasa(config)# log
ciscoasa(config)# logg
ciscoasa(config)# logging buffer
ciscoasa(config)# logging buffer enERROR: % Ambiguous command: "logging buffer en"
ciscoasa(config)# logging ena
ciscoasa(config)# logging enable
ciscoasa(config)# loggi
ciscoasa(config)# logging bu
ciscoasa(config)# logging buffer enERROR: % Ambiguous command: "logging buffer en"
ciscoasa(config)# loggin buffer
ciscoasa(config)# loggin buffer enable
ERROR: % Ambiguous command: "loggin buffer enable"
ciscoasa(config)# loggin buffe
ciscoasa(config)# loggin buffer
ciscoasa(config)# loggin buffere
ciscoasa(config)# loggin buffered 7
ciscoasa(config)# log
ciscoasa(config)# logg
ciscoasa(config)# logging buff
ciscoasa(config)# logging buffer zisERROR: % Ambiguous command: "logging buffer zis"
ciscoasa(config)# loggin buffered zise <>
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# sh
ciscoasa(config)# sh lo
ciscoasa(config)# end
ciscoasa# wr
Building configuration...
Cryptochecksum: e24df33a dc8a7e08 d016d6e1 72a95d39

4910 bytes copied in 1.590 secs (4910 bytes/sec)
[OK]
ciscoasa# sh
ciscoasa# sh lo
ciscoasa# sh log
ciscoasa# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 123 messages logged
Trap logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 8 messages logged
st discarded from 192.168.1.178/17500 to inside:192.168.1.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.178/17500 to inside:255.255.255.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.178/17500 to inside:255.255.255.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-5-111005: 192.168.1.128 end configuration: OK
%ASA-7-710005: UDP request discarded from 192.168.1.148/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.148/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-5-111001: Begin configuration: 192.168.1.128 writing to memory
%st discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.144/17500 to inside:255.255.255.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.144/17500 to inside:255.255.255.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.144/17500 to inside:192.168.1.255/17500
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.151/138 to inside:192.168.1.255/138
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.144/138 to inside:192.168.1.255/138
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.123/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.123/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.139/138 to inside:192.168.1.255/138
%ASA-7-710005: UDP request discarded from 192.168.1.123/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.123/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.251/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.250/137 to inside:192.168.1.255/137
%ASA-7-710005: UDP request discarded from 192.168.1.123/137 to inside:192.168.1.255/137
ciscoasa#

Applying that... what you indicated.

OK, in this case we aren't following the steps as we should: the sh log | inc 443 is done only after attempting the connection from a browser or AnyConnect.

Hi, sorry for the clumsiness, but could you be more specific? I don't know how to do that or what you're referring to.

Don't worry. If it's possible for you to share the ASA's public IP, it would be much easier to find what the problem might be.

Does it necessarily have to be that way? Or if you have a personal email I can send it to you with more details. I need you to help me, please.

Sure: jphomeit@gmail.com