cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1539
Views
0
Helpful
8
Replies

Cisco ASA 8.2 - anyconnect-essentials

Ranbeckycr_2
Level 1
Level 1

Experts

I need to enable the command anyconnect-essentials in my webvpn configuration.

When I do show run webvpn  I see:

no anyconnect-essentials.

If I go to webvpn:

(config-webvpn)anyconnect-essentials  ( then hit enter)  I get this error message:

Clientless sessions currently active:3

After all clientless sessions are disconnected, manually enable Anyconnect Essentials using ASDM or "anyconnect-essentials" CLI under webvpn mode.

For some Reason JAVA is screwed up and I can't run ASDM. 

How Do I disconnect the Clientless sessions via CLI in order to add the command

"anyconnect-essentials"

Thanks for your help!!

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee
vpn-sessiondb logoff ....

View solution in original post

8 Replies 8

Marcin Latosiewicz
Cisco Employee
Cisco Employee
vpn-sessiondb logoff ....

Marcin,

Thanks for the quick response.

Question, will this only disconnect the Clientless sessions or will it also affect the other SA's?

If I run a show cry isa sa ---> It shows    Active SA:  57

I need to know if these 57 VPN tunnels will be affected.   :-)

Thanks again!!

vpn-sessiondb logoff

To log off all or selected VPN sessions, use the vpn-sessiondb logoff command in global configuration mode.

vpn-sessiondb logoff {remote | l2l | webvpn | email-proxy | protocol protocol-name | name username | ipaddressIPaddr | tunnel-group groupname | index indexnumber | all}


Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

I am somewhat puzzled. When you look for show cry isa sa  you are looking for ISAKMP but this is used for IPSec. I would expect the clientless and the AnyConnect sessions to be SSL based and not IPSec ISAKMP based.

I would also ask whether you already have installed the AnyConnect Essentials license on this ASA.

HTH

Rick

HTH

Rick

Hehe, good point, although this might be AC IKEv2 tunnels :-)

@Randall yes, you're probably looking for clearing your SSL connections as Rick mentions.

I sort of wondered about that until I remembered that the title of the thread says that the ASA is running 8.2 code.

HTH

Rick

HTH

Rick

Thanks a bunch for the help, @Richard: Anyconnect license is already installed because it was previously working. I noticed that configuration change today after the reboot. I didn´t know if the SA and Clientless where related, but I know understand that they are 2 separte things completely.

*- Just to clarify, if I run the vpn-sessiondb logoff it will knock out all the clientless sessions.

So step 1:  Run vpn-sessiondb logoff

Step 2:Run in (config-webvpn)anyconnect-essentials

Sounds about right?

Once again, thanks

you might want to narrow down that logoff command.

Or you clear everything on the box.

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631050

You might want to do "remote" ... depends on your setup and who's logged in and what they're using.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: