Cisco IOS 15.1 (and later) SSL VPN AnyConnect problem

Luca Pecchiari
Level 1

Hello and thank you for reading.

I have a Cisco 887 (Iad version) and I have an issue with SSL VPN.

The VPN (both web login and AnyConnect) works fine from mobile and from a home PC.

From the corporate network I can open the VPN web page, but I cannot connect with Cisco AnyConnect Secure Mobility Client v.4 and IOS version 15.4.

The error I get is "Failed to download WebVPNProfile.xml. A VPN connection cannot be established." or "AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network".

I have seen the same situation with a Cisco 877. On IOS 15.0 all works fine; from 15.1 it gives this same problem. In 15.1 Cisco added 2 features:

DTLS Support for IOS SSL VPN and SSL VPN DVTI Support

Please, does anybody have any idea?

Thank You!

Here is a dump of debug webvpn verbose:


Log Buffer (20000 bytes):

May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6E00, data: 0x2BF7C335, len: 256,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Fragmented App data - buffered
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6960 total_len=184 bytes=184 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BE0F955, len: 31,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6FA0 total_len=127 bytes=127 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BF89855, len: 256,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=488 bytes=488 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BEB4AB5, len: 256,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=297 bytes=297 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BEEFF75, len: 256,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=251 bytes=251 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BFB0CD5, len: 160,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=155 bytes=155 tcb=0x8FB8C2FC
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08BDD8,
      Data buffer(buffer: 0x8F0C6960, data: 0x2B41E355, len: 5,
      offset: 0, domain: 1)
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=5 bytes=5 tcb=0x8FB8C2FC
May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C6960, data: 0x2B409395, len: 1,
      offset: 0, domain: 0)
May  3 15:53:02: WV: Fragmented App data - buffered
May  3 15:53:02: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C6E00, data: 0x2BFA9515, len: 687,
      offset: 0, domain: 0)
May  3 15:53:02: WV: http request: /lang.js with cookie: Cookie: webvpnlang=1; tree_bkmkTree_state=3; vpnJavaApplet=; stStarted=0; webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9A4B2988A028A5DAB79CE55204BF46238C0FFEC9&fu:profiles/WebVPNProfile.xml&fh:4DD085B6C47E6FE597D37AEF28CC74AE6CF87F0C&; webvpn=00@3583779562@00003@3671270698@1837505283@Cisco-WebVPN
May  3 15:53:02: WV: validated_tp :  cert_username :  matched_ctx :
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6FA0 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6FC0 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6A80 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6900 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6920 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6940 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C70C0 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C70A0 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C7080 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C7060 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C6DC0 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: [Q]Client side Chunk data written..
 buffer=0x8F0C7000 total_len=1016 bytes=1016 tcb=0x8FB8B9FC
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6DE0 total_len=63 bytes=63 tcb=0x8FB8B9FC
May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6E00 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:02: WV: Client side Chunk data written..
 buffer=0x8F0C6960 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:02: WV: sslvpn process rcvd context queue event
May  3 15:53:03: WV: Tunneled data packet was copied!
May  3 15:53:08: WV: Client side Chunk data written..
 buffer=0x8F0C6960 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:08: WV: sslvpn process rcvd context queue event
May  3 15:53:11: WV: sslvpn process rcvd context queue event
May  3 15:53:11: WV: sslvpn process rcvd context queue event
May  3 15:53:12: WV: sslvpn process rcvd context queue event
May  3 15:53:12: WV: sslvpn process rcvd context queue event
May  3 15:53:12: WV: Entering APPL with Context: 0x8F08C778,
      Data buffer(buffer: 0x8F0C6E00, data: 0x2BFB0455, len: 1,
      offset: 0, domain: 0)
May  3 15:53:12: WV: Fragmented App data - buffered
May  3 15:53:12: WV: Entering APPL with Context: 0x8F08C778,
      Data buffer(buffer: 0x8F0C6960, data: 0x2BEEFF75, len: 291,
      offset: 0, domain: 0)
May  3 15:53:12: WV: Fragmented App data - buffered
May  3 15:53:12: WV: server side not ready to send.

May  3 15:53:12: WV: server side not ready to send.

May  3 15:53:12: WV: Entering APPL with Context: 0x8F08C778,
      Data buffer(buffer: 0x8F0C6DE0, data: 0x2BF17C75, len: 1,
      offset: 0, domain: 0)
May  3 15:53:12: WV: Fragmented App data - buffered
May  3 15:53:12: WV: Entering APPL with Context: 0x8F08C778,
      Data buffer(buffer: 0x8F0C7000, data: 0x2BE0F4D5, len: 473,
      offset: 0, domain: 0)
May  3 15:53:12: WV: http request: / with no cookie
May  3 15:53:12: WV: validated_tp :  cert_username :  matched_ctx :
May  3 15:53:12: WV: failed to get sslvpn appinfo from opssl

May  3 15:53:12: WV: Error: Failed to get vw_ctx
May  3 15:53:12: WV: Appl. processing Failed : 2
May  3 15:53:12: WV: sslvpn process rcvd context queue event
May  3 15:53:13: WV: Client side Chunk data written..
 buffer=0x8F0C7000 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:13: WV: sslvpn process rcvd context queue event
May  3 15:53:13: WV: Client side Chunk data written..
 buffer=0x8F0C6DE0 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:13: WV: sslvpn process rcvd context queue event
May  3 15:53:14: WV: Tunneled data packet was copied!
May  3 15:53:19: WV: Client side Chunk data written..
 buffer=0x8F0C6DE0 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:19: WV: sslvpn process rcvd context queue event
May  3 15:53:24: WV: Client side Chunk data written..
 buffer=0x8F0C7000 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:24: WV: sslvpn process rcvd context queue event
May  3 15:53:24: WV: Client side Chunk data written..
 buffer=0x8F0C6DE0 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:24: WV: sslvpn process rcvd context queue event
May  3 15:53:24: WV: Tunneled data packet was copied!
May  3 15:53:28: WV: sslvpn process rcvd context queue event
May  3 15:53:28: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C7000, data: 0x2BE117D5, len: 1,
      offset: 0, domain: 0)
May  3 15:53:28: WV: Fragmented App data - buffered
May  3 15:53:28: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C6DE0, data: 0x2BF06BD5, len: 1057,
      offset: 0, domain: 0)
May  3 15:53:28: WV: http request: /level/15/exec/-/debug/webvpn/verbose/CR with cookie: Cookie: webvpnlang=1; tree_bkmkTree_state=3; vpnJavaApplet=; stStarted=0; webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9A4B2988A028A5DAB79CE55204BF46238C0FFEC9&fu:profiles/WebVPNProfile.xml&fh:4DD085B6C47E6FE597D37AEF28CC74AE6CF87F0C&; webvpn=00@3583779562@00003@3671270698@1837505283@Cisco-WebVPN
May  3 15:53:28: WV: validated_tp :  cert_username :  matched_ctx :
May  3 15:53:28: WV: [Q]Server side Chunk data written..
 buffer=0x8F0C6960 total_len=80 bytes=80 tcb=0x88C11F14
May  3 15:53:28: WV: Server side Chunk data written..
 buffer=0x8F0C6E00 total_len=684 bytes=684 tcb=0x88C11F14
May  3 15:53:28: WV: ASYNC req sent
May  3 15:53:28: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C6DE0, data: 0x2BF1B235, len: 1,
      offset: 0, domain: 0)
May  3 15:53:28: WV: Server side Chunk data written..
 buffer=0x8F0C6DE0 total_len=1 bytes=1 tcb=0x88C11F14
May  3 15:53:28: WV: Entering APPL with Context: 0x8F08A830,
      Data buffer(buffer: 0x8F0C6DE0, data: 0x2BEE2375, len: 150,
      offset: 0, domain: 0)
May  3 15:53:28: WV: Server side Chunk data written..
 buffer=0x8F0C6DE0 total_len=150 bytes=150 tcb=0x88C11F14
May  3 15:53:28: WV: sslvpn process rcvd context queue event
May  3 15:53:29: WV: Client side Chunk data written..
 buffer=0x8F0C7000 total_len=8 bytes=8 tcb=0x8F2894D4
May  3 15:53:29: WV: sslvpn process rcvd context queue event

This is my config:

!
version 15.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service internal
!
hostname ###########
!
boot-start-marker
boot system flash:c880voice-universalk9-mz.154-3.M5.bin
boot-end-marker
!
!
logging buffered 20000
enable secret ################
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sslvpn local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone Rome 1 0
clock summer-time GMT recurring
!
crypto pki trustpoint WebVPN-trustpoint
 enrollment selfsigned
 serial-number
 subject-name CN=#################
 revocation-check none
 rsakeypair WebVPN-rsa-keys
!
!
crypto pki certificate chain WebVPN-trustpoint
 certificate self-signed 03
      quit
!
!
!
!
!
!
!
!
!
!
ip port-map user-emule_tcp port tcp 85
ip port-map user-emule_udp port udp 90
!
ip dhcp excluded-address 192.168.1.2 192.168.1.4
ip dhcp excluded-address 192.168.1.11
!

!
!
!
no ip bootp server
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 213.205.32.70
ip name-server 213.205.36.70
ip name-server 212.216.112.112
ip name-server 212.216.172.62
ip multicast-routing
ip inspect WAAS flush-timeout 10

!
ip cef
no ipv6 cef
no vlan accounting
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice-card 0
!

!
!
archive
 log config
  hidekeys
 path flash:archive/config
 maximum 6
 write-memory
memory reserve critical 2048
!
no spanning-tree vlan 1
no spanning-tree vlan 10

!
crypto vpn anyconnect flash:/webvpn/anyconnect-win-4.2.03013-k9.pkg sequence 1
!
crypto vpn anyconnect profile WebVPNProfile flash:webvpn/WebVPNProfile.xml
!
!
!
!
no cdp run
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
class-map type port-filter match-any P2P-2
  description ### Sezione P2P ###
 match port udp 90
 match port tcp 85
class-map match-any Management-1
 match protocol dhcp
 match protocol dns
 match protocol imap
 match protocol kerberos
 match protocol ldap
 match protocol secure-imap
 match protocol secure-ldap
 match protocol snmp
 match protocol socks
 match protocol syslog
class-map match-any P2P
  description ### Sezione P2P ###
 match application user-emule_tcp
 match application user-emule_udp
class-map match-any Routing-1
 match protocol eigrp
 match protocol rip
 match protocol rsvp
class-map match-any Signaling-1
 match protocol h323
 match protocol rtcp
 match protocol sip
class-map match-any Voice-1
 match protocol rtp audio
class-map match-any WEB
  description ### Sezione WEB ###
 match protocol http
 match protocol secure-http
class-map match-any Transactional-1
 match protocol citrix
 match protocol finger
 match protocol notes
 match protocol novadigm
 match protocol pcanywhere
 match protocol secure-telnet
 match protocol sqlnet
 match protocol sqlserver
 match protocol ssh
 match protocol telnet
 match protocol xwindows
!
policy-map QoS-Out-child-test
 class Voice-1
  priority percent 33
 class Signaling-1
  bandwidth percent 15
 class Routing-1
  bandwidth percent 15
 class Management-1
  bandwidth percent 18
 class Transactional-1
  bandwidth percent 15
 class class-default
  fair-queue
  random-detect
  shape peak percent 85
policy-map QoS-Out-parent-test
 class class-default
  shape average 1000000
   service-policy QoS-Out-child-test
policy-map Backpressure
 class class-default
  shape average 819200
!
!
!
!
crypto ipsec df-bit clear
!
!
!
bridge irb
!
!
!
!
!
interface Loopback1
 description **  IP VPN  **
 ip address 192.168.69.1 255.255.255.0
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl noise-margin 2
 dsl bitswap both
!
interface ATM0.1 point-to-point
 description **  SUB Int Internet  **
 no ip route-cache
 ip policy route-map clear-df-bit
 ip igmp unidirectional-link
 pvc 8/35
  vbr-rt 1020 950
  tx-ring-limit 3
  oam-pvc manage
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  service-policy out QoS-Out-parent-test
 !
!
interface ATM0.2 point-to-point
 description **  SUB Int IPTV  **
 no ip route-cache
 shutdown
 atm route-bridged ip
 bridge-group 10
 bridge-group 10 spanning-disabled
 pvc 8/36
  encapsulation aal5snap
 !
!
interface FastEthernet0
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet2
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet3
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface Virtual-Template1
 description **  VPN - Virual Template  **
 ip unnumbered Dialer0
!
interface Vlan1
 description **  NOT USED  **
 no ip address
 shutdown
!
interface Vlan10
 description ** VLAN - RETE INTERNA **
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan20
 description ** VLAN - IPTV **
 no ip address
 no ip route-cache
 shutdown
 bridge-group 10
 bridge-group 10 spanning-disabled
 hold-queue 100 out
!
interface Dialer0
 mtu 1492

 ip address negotiated
 ip access-group antispoofing in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp header-compression
 ip tcp adjust-mss 1200
 dialer pool 1
 no keepalive
 ppp authentication chap pap callin
 ppp chap hostname ##########################
 ppp chap #########################
 ppp pap sent-username ###########################
 no cdp enable
!
interface BVI10
 description **  BRIDGE IPTV  **
 no ip address
 ip tcp adjust-mss 1452
 ip igmp helper-address udl ATM0.1
 ip igmp version 3
 shutdown
!
ip local pool VPN-POOL 192.168.69.10 192.168.69.30
ip forward-protocol nd
ip http server
ip http access-class 81
ip http authentication local
ip http secure-server
ip http secure-port 1443
ip http timeout-policy idle 180 life 86400 requests 10000
!
ip flow-top-talkers
 top 10
 sort-by packets
 cache-timeout 250
!
no ip ftp passive
ip dns server
ip nat translation timeout 5
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 120
ip nat translation syn-timeout 30
ip nat translation dns-timeout 30
ip nat translation routemap-entry-timeout 120
ip nat translation icmp-timeout 15
ip nat translation port-timeout tcp 85 5
ip nat translation port-timeout udp 90 5
ip nat translation max-entries 800
ip nat translation arp-ping-timeout 15
ip nat inside source static tcp 192.168.1.11 85 interface Dialer0 85
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static udp 192.168.1.11 90 interface Dialer0 90
ip route 0.0.0.0 0.0.0.0 Dialer0
ip ssh version 2
!
ip access-list extended antispoofing
 remark *************************************
 remark # Regole antispofing - dialer 0 in
 deny   ip 0.0.0.0 0.255.255.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 deny   ip 239.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 31.255.255.255 any log
 deny   ip host 255.255.255.255 any log
 permit ip any any
 remark *************************************
ip access-list extended clear-df-bit
 remark *************************************
 remark # Regole clear-df-bit
 permit ip any any
 remark *************************************
!
logging history size 250
!
route-map clear-df-bit permit 10
 match ip address clear-df-bit
 set ip df 0
!
access-list 80 remark *************************************
access-list 80 remark #  traffico accesso ssh - line vty 0 4 in        
access-list 80 permit 192.168.1.0 0.0.0.255 log
access-list 80 permit 192.168.69.0 0.0.0.255 log
access-list 80 deny   any log
access-list 80 remark *************************************
access-list 81 remark *************************************
access-list 81 remark #  traffico accesso WEB
access-list 81 permit 192.168.1.0 0.0.0.255 log
access-list 81 permit 192.168.69.0 0.0.0.255 log
access-list 81 deny   any log
access-list 81 remark *************************************
access-list 100 remark *************************************
access-list 100 remark #  traffico NAPT - NAT overload       
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 remark *************************************
!
!
!
control-plane
!
bridge 10 protocol ieee
bridge 10 route ip
!
voice-port 0
 shutdown
!
voice-port 1
 shutdown
!
voice-port 2
 shutdown
!
voice-port 3
 shutdown
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
alias exec bw show interface | include protocol|BW
alias exec natstat show ip nat statistics
alias exec cpu show proc cpu his
alias exec memory show mem stat
alias exec natstatver show ip nat tra ver
alias exec process show process cpu
alias exec ip show ip int brief
alias exec speed sh dsl int atm0


!
line con 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 80 in
 transport preferred ssh
 transport input ssh
 transport output ssh
!
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler max-task-time 5000
scheduler allocate 3000 1000
scheduler interval 500
ntp source Dialer0
ntp server 193.204.114.232 prefer
ntp server 193.204.114.233
ntp server 193.204.114.105
ntp server 62.149.204.69
!
!
webvpn gateway Cisco-WebVPN
 ip interface Dialer0 port 443
 ssl trustpoint WebVPN-trustpoint
 inservice
 !
webvpn context Cisco-WebVPN
 title "Private VPN"
 color #004080
 secondary-color #0062ee
 title-color #002f80
 !
 acl "webvpn-acl"
   permit ip 192.168.69.1 255.255.255.0 192.168.1.0 255.255.255.0
   permit ip 192.168.1.0 255.255.255.0 192.168.69.0 255.255.255.0
   deny ip any any syslog
 login-message "Unauthorized Access Is Prohibited"
 !
 port-forward "Port Forwarding"
   local-port 5901 remote-server "192.168.1.11" remote-port 5900 description "Xp VNC"
 virtual-template 1
 aaa authentication list sslvpn
 gateway Cisco-WebVPN domain CaosVPNNoCSD
 user-profile location flash:/bookmarks
 logging enable
 !
 cifs-url-list "lista"
   heading "Nas"
   url-text "Time Capsule" url-value "//192.168.1.2"
 !
 nbns-list "NETBIOS Server"
   nbns-server 192.168.1.1
 ssl authenticate verify all
 !
 url-list "CaosLan"
   heading "Caos Lan"
   url-text "Conf" url-value "https://192.168.1.1:1443"
   url-text "Mus" url-value "http://192.168.1.11:4711"
 inservice
 !
 policy group webvpnpolicy
   port-forward "Port Forwarding"
   functions file-access
   functions file-browse
   functions file-entry
   functions svc-enabled
   timeout idle 1800
   timeout session 10800
   filter tunnel webvpn-acl
   svc address-pool "VPN-POOL" netmask 255.255.255.0
   svc keep-client-installed
   svc dpd-interval client 5
   svc dpd-interval gateway 5
   svc mtu 1300
   svc keepalive 240
   svc profile WebVPNProfile
   svc rekey method new-tunnel
   svc split include 192.168.69.0 255.255.255.0
   svc split include 192.168.1.0 255.255.255.0
   no svc dtls
   url-list "CaosLan"
   cifs-url-list "lista"
   nbns-list "NETBIOS Server"
 default-group-policy webvpnpolicy
!



Command was: show webvpn context Cisco-WebVPN
--------------------------------------------------------------------------------
Admin Status: up
Operation Status: up
Error and Event Logging: Enabled
CSD Status: Disabled
Certificate authentication type: All attributes (like CRL) are verified
AAA Authentication List: sslvpn
AAA Authorization List not configured
AAA Accounting List not configured
AAA Authentication Domain not configured
Authentication mode: AAA authentication
Default Group Policy: webvpnpolicy
Associated WebVPN Gateway: Cisco-WebVPN
Domain Name: CaosVPNNoCSD
Maximum Users Allowed: 10 (default)
NAT Address not configured
VRF Name not configured
Virtual Template: 1
Virtual Access  : 3
--------------------------------------------------------------------------------

show webvpn gateway
--------------------------------------------------------------------------------
Gateway Name: Cisco-WebVPN
Admin Status: up
Operation Status: up
Error and Event Logging: Disabled
IP: 78.12.167.219, port: 443
SSL Trustpoint: WebVPN-trustpoint
FVRF Name not configured
--------------------------------------------------------------------------------

show webvpn stats detail context Cisco-WebVPN
--------------------------------------------------------------------------------
WebVPN context name : Cisco-WebVPN
User session statistics:
    Active user sessions     : 2          AAA pending reqs         : 0         
    Peak user sessions       : 2          Peak time                : 00:20:59
    Active user TCP conns    : 3          Terminated user sessions : 0         
    Session alloc failures   : 0          Authentication failures  : 0         
    VPN session timeout      : 0          VPN idle timeout         : 0         
    User cleared VPN sessions: 0          Exceeded ctx user limit  : 0         
    Client process rcvd pkts : 124        Server process rcvd pkts : 31        
    Client process sent pkts : 464        Server process sent pkts : 11        
    Client CEF received pkts : 127        Server CEF received pkts : 0         
    Client CEF rcv punt pkts : 48         Server CEF rcv punt pkts : 0         
    Client CEF sent pkts     : 454        Server CEF sent pkts     : 30        
    Client CEF sent punt pkts: 162        Server CEF sent punt pkts: 0         

    SSLVPN appl bufs inuse   : 0          SSLVPN eng  bufs inuse   : 0         
    Active server TCP conns  : 0         

Mangling statistics:
    Relative urls            : 125        Absolute urls            : 1         
    Non-http(s) absolute urls: 0          Non-standard path urls   : 0         
    Interesting tags         : 156        Uninteresting tags       : 396       
    Interesting attributes   : 151        Uninteresting attributes : 26        
    Embedded script statement: 0          Embedded style statement : 0         
    Inline scripts           : 0          Inline styles            : 0         
    HTML comments            : 0          HTTP/1.0 requests        : 0         
    HTTP/1.1 requests        : 31         Unknown HTTP version     : 0         
    GET requests             : 27         POST requests            : 4         
    CONNECT requests         : 0          Other request methods    : 0         
    Through requests         : 7          Gateway requests         : 24        
    Pipelined requests       : 0          Req with header size >1K : 0         
    Processed req hdr bytes  : 24713      Processed req body bytes : 57        
    HTTP/1.0 responses       : 0          HTTP/1.1 responses       : 6         
    HTML responses           : 4          CSS responses            : 0         
    XML responses            : 0          JS responses             : 0         
    Other content type resp  : 0          Chunked encoding resp    : 4         
    Resp with encoded content: 0          Resp with content length : 0         
    Close after response     : 2          Resp with header size >1K: 0         
    Processed resp hdr size  : 1500       Processed resp body bytes: 12809     
    Backend https response   : 7          Chunked encoding requests: 0         

HTTP Authentication stats :
    Successful NTLM Auth     : 0          Failed NTLM Auth         : 0         
    Successful Basic Auth    : 0          Failed Basic Auth        : 1         
    Unsupported Auth         : 0          Unsup Basic HTTP Method  : 0         
    NTLM srv kp alive disabld: 0          NTLM Negotiation Error   : 0         
    Oversize NTLM Type3 cred : 0          Internal Error           : 0         
    Num 401 responses        : 2          Num non-401 responses    : 4         
    Num Basic forms served   : 2          Num NTLM forms served    : 0         
    Num Basic Auth sent      : 6          Num NTLM Auth sent       : 0         

CIFS statistics:
  SMB related Per Context:
    TCP VC's                 : 0          UDP VC's                 : 0         
    Active VC's              : 0          Active Contexts          : 0         
    Aborted Conns            : 0         
  NetBIOS related Per Context:
    Name Queries             : 0          Name Replies             : 0         
    NB DGM Requests          : 0          NB DGM Replies           : 0         
    NB TCP Connect Fails     : 0          NB Name Resolution Fails : 0         
  HTTP related Per Context:
    Requests                 : 0          Request Bytes RX         : 0         
    Request Packets RX       : 0          Response Bytes TX        : 7030      
    Response Packets TX      : 10         Active Connections       : 0         
    Active CIFS context      : 0          Requests Dropped         : 0         

Socket statistics:
    Sockets in use           : 0          Sock Usr Blocks in use   : 0         
    Sock Data Buffers in use : 0          Sock Buf desc in use     : 0         
    Select timers in use     : 0          Sock Select Timeouts     : 0         
    Sock Tx Blocked          : 0          Sock Tx Unblocked        : 0         
    Sock Rx Blocked          : 0          Sock Rx Unblocked        : 0         
    Sock UDP Connects        : 0          Sock UDP Disconnects     : 0         
    Sock Premature Close     : 0          Sock Pipe Errors         : 0         
    Sock Select Timeout Errs : 0         

Smart Tunnel statistics:
  Client                                Server
    proc pkts                : 0          proc pkts                 : 0         
    proc bytes               : 0          proc bytes                : 0         
    cef  pkts                : 0          cef  pkts                 : 0         
    cef  bytes               : 0          cef  bytes                : 0         

Port Forward statistics:
  Client                                Server
    proc pkts                : 0          proc pkts                 : 0         
    proc bytes               : 0          proc bytes                : 0         
    cef pkts                 : 0          cef pkts                  : 0         
    cef bytes                : 0          cef bytes                 : 0         

WEBVPN Citrix statistics:
Connections serviced : 0                                  

               Server                   Client
  Packets in  : 0                        0         
  Packets out : 0                        0         
  Bytes in    : 0                        0         
  Bytes out   : 0                        0         

ACL statistics:
    Permit web request       : 7          Deny web request         : 0         
    Permit cifs request      : 0          Deny cifs request        : 0         
    Permit without ACL       : 7          Deny without match ACL   : 0         
    Permit with match ACL    : 0          Deny with match ACL      : 0         

Single Sign On statistics:
    Auth Requests            : 0          Pending Auth Requests    : 0         
    Successful Requests      : 0          Failed Requests          : 0         
    Retranmissions           : 0          DNS Errors               : 0         
    Connection Errors        : 0          Request Timeouts         : 0         
    Unknown Responses        : 0         

URL-rewrite splitter statistics:
    Direct access request    : 0          Redirect request         : 0         
    Internal request         : 7         

Tunnel Statistics:
    Active connections       : 0         
    Peak connections         : 0          Peak time                : never
    Connect succeed          : 0          Connect failed           : 0         
    Reconnect succeed        : 0          Reconnect failed         : 0         
    SVCIP install IOS succeed: 0          SVCIP install IOS failed : 0         
    SVCIP clear IOS succeed  : 0          SVCIP clear IOS failed   : 0         
    SVCIP install TCP succeed: 0          SVCIP install TCP failed : 0         
    DPD timeout              : 0          DTLS packet drop         : 0                                                      

                                              
  Client
    in  CSTP frames          : 0          in  CSTP control         : 0         
    in  CSTP data            : 0          in  CSTP bytes           : 0         
    in  CSTP Addr Reqs       : 0          in  CSTP DPD Reqs        : 0         
    in  CSTP DPD Resps       : 0          in  CSTP Msg Reqs        : 0         
    out CSTP frames          : 0          out CSTP control         : 0         
    out CSTP data            : 0          out CSTP bytes           : 0         
    out CSTP Addr Resps      : 0          out CSTP DPD Reqs        : 0         
    out CSTP DPD Resps       : 0          out CSTP Msg Reqs        : 0         
    in  CDTP frames          : 0          in  CDTP control         : 0         
    in  CDTP data            : 0          in  CDTP bytes           : 0         
    out CDTP frames          : 0          out CDTP control         : 0         
    out CDTP data            : 0          out CDTP bytes           : 0         
    cef in  CSTP data frames : 0          cef in  CSTP data bytes  : 0         
    cef out CSTP data frames : 0          cef out CSTP data bytes  : 0         
    cef in  CDTP data frames : 0          cef in  CDTP data bytes  : 0         
    cef out CDTP data frames : 0          cef out CDTP data bytes  : 0         
  Server
    In  IP pkts              : 0          In  IP bytes             : 0         
    In  congested pkts       : 0          In  bad pkts             : 0         
    In  forwarded pkts       : 0          In  non fwded pkts       : 0         
    Out IP pkts              : 0          Out IP bytes             : 0         
    Out bad pkts             : 0          Out filtered pkts        : 0         
    Out non forwaded pkts    : 0          Out forwarded pkts       : 0         
--------------------------------------------------------------------------------

show webvpn install package svc
--------------------------------------------------------------------------------
SSLVPN Package SSL-VPN-Client installed:
File: \webvpn\stc\10\index.html, size: 325
File: \webvpn\stc\1\AnyConnectConfiguration.xsd, size: 17300
File: \webvpn\stc\1\AnyConnectProfile.xsd, size: 85653
File: \webvpn\stc\1\FAProfile.xml, size: 464
File: \webvpn\stc\1\FAProfile.xsd, size: 1289
File: \webvpn\stc\1\ISEPostureCFG.xml, size: 1989
File: \webvpn\stc\1\ISEPostureCFG.xsd, size: 3889
File: \webvpn\stc\1\L2info.dat, size: 635
File: \webvpn\stc\1\NAM_Profile_Default.xml, size: 6673
File: \webvpn\stc\1\NVMProfile.xml, size: 273
File: \webvpn\stc\1\NVMProfile.xsd, size: 985
File: \webvpn\stc\1\ProfileEditor.xml, size: 101
File: \webvpn\stc\1\ServiceProfileManifest.xml, size: 2919
File: \webvpn\stc\1\VPNManifest.xml, size: 2219
File: \webvpn\stc\1\WebSecurity.xsd, size: 40529
File: \webvpn\stc\1\WebSecurity_3_0.xsd, size: 31381
File: \webvpn\stc\1\WebSecurity_Profile_Default.xml, size: 6089
File: \webvpn\stc\1\Windows, size: 13
File: \webvpn\stc\1\binaries\VPNJava.jar, size: 160197
File: \webvpn\stc\1\binaries\anyconnect-amp-win-4.2.03013-web-deploy-k9.exe, size: 620480
File: \webvpn\stc\1\binaries\anyconnect-dart-win-4.2.03013-k9.msi, size: 1169920
File: \webvpn\stc\1\binaries\anyconnect-gina-win-4.2.03013-web-deploy-k9.exe, size: 837872
File: \webvpn\stc\1\binaries\anyconnect-ise-network-assistant-win-4.2.03013.exe, size: 330384
File: \webvpn\stc\1\binaries\anyconnect-iseposture-win-4.2.03013-web-deploy-k9.msi, size: 1192960
File: \webvpn\stc\1\binaries\anyconnect-nam-win-4.2.03013-k9.msi, size: 3902976
File: \webvpn\stc\1\binaries\anyconnect-nvm-win-4.2.03013-web-deploy-k9.exe, size: 1878504
File: \webvpn\stc\1\binaries\anyconnect-posture-win-4.2.03013-web-deploy-k9.msi, size: 691200
File: \webvpn\stc\1\binaries\anyconnect-websecurity-win-4.2.03013-web-deploy-k9.exe, size: 1468432
File: \webvpn\stc\1\binaries\anyconnect-win-4.2.03013-web-deploy-k9.exe, size: 3674856
File: \webvpn\stc\1\binaries\anyconnectprof.sgz, size: 1316768
File: \webvpn\stc\1\binaries\generator.jar, size: 24666
File: \webvpn\stc\1\binaries\main.js, size: 31110
File: \webvpn\stc\1\binaries\ocx.htm, size: 245
File: \webvpn\stc\1\binaries\ocx64.htm, size: 247
File: \webvpn\stc\1\binaries\pkginit.js, size: 1477
File: \webvpn\stc\1\binaries\transform\iseposture_UninstallOldNAC.mst, size: 20480
File: \webvpn\stc\1\binaries\update.txt, size: 11
File: \webvpn\stc\1\binaries\vpndownloader.exe, size: 964608
File: \webvpn\stc\1\binaries\vpnweb.cab, size: 79271
File: \webvpn\stc\1\binaries\vpnweb64.cab, size: 86790
File: \webvpn\stc\1\configuration.xsd, size: 91456
File: \webvpn\stc\1\configuration_5_0.xsd, size: 77260
File: \webvpn\stc\1\configuration_5_1.xsd, size: 86611
File: \webvpn\stc\1\configuration_5_1_1.xsd, size: 88406
File: \webvpn\stc\1\configuration_cvt.xsd, size: 86938
File: \webvpn\stc\1\empty.html, size: 134
File: \webvpn\stc\1\feedback.xsd, size: 2902
File: \webvpn\stc\1\headinfo.txt, size: 480
File: \webvpn\stc\1\images\anyconnect-24.png, size: 1768
File: \webvpn\stc\1\images\buttons.gif, size: 2062
File: \webvpn\stc\1\images\company-logo.png, size: 2956
File: \webvpn\stc\1\images\header.jpg, size: 5456
File: \webvpn\stc\1\images\infobar.gif, size: 2775
File: \webvpn\stc\1\images\loading.gif, size: 1474
File: \webvpn\stc\1\images\windows-ise-trayicon.gif, size: 6650
File: \webvpn\stc\1\images\windows-trayicon.gif, size: 3048
File: \webvpn\stc\1\images\windows-xp-later-ise-trayicon.gif, size: 3661
File: \webvpn\stc\1\images\windows-xp-later-trayicon.gif, size: 3628
File: \webvpn\stc\1\index.html, size: 5943
File: \webvpn\stc\1\locale\LC_MESSAGES\AnyConnect.po, size: 209174
File: \webvpn\stc\1\pkgversion.xml, size: 76
File: \webvpn\stc\1\strings.js, size: 3975
File: \webvpn\stc\1\style.css, size: 3159
File: \webvpn\stc\1\telemetry.xsd, size: 1588
File: \webvpn\stc\1\tips.htm, size: 8524
File: \webvpn\stc\1\updateFeed.xml, size: 952
File: \webvpn\stc\1\validateRules_5_0.xsl, size: 34685
File: \webvpn\stc\1\validateRules_5_1.xsl, size: 39271
File: \webvpn\stc\1\version.txt, size: 86
File: \webvpn\stc\profiles\WebVPNProfile.xml, size: 2418
Total files: 70
--------------------------------------------------------------------------------


show webvpn install status svc
--------------------------------------------------------------------------------
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC win2k+
4,2,03013
Hostscan Version 4.2.03013
Fri 03/25/2016  7:04:07.01
--------------------------------------------------------------------------------


Luca Pecchiari
Level 1

Update.

I have the gateway "Cisco-WebVPN domain CaosVPNNoCSD" in this way.

In order to connect with AnyConnect, also in standalone mode (without logging in to the page), I had to:

In IOS 15.0 and lower you can connect directly on AnyConnect using the address of the router.

In IOS 15.1 and upper you have to specify the hostname.net/DOMAIN.

(I suggest creating a VPN profile and inserting the hostname and group (context), in my case "CaosVPNNoCSD".)

Tomorrow I will make the final test.

Bye, Luca
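The profile suggested in the update above could look like the following AnyConnect client profile. This is an added example, not part of the original post: `hostname.net` is the placeholder used in the post, the display name is constructed, and it assumes the client joins `HostAddress` and `UserGroup` into the group URL `hostname.net/CaosVPNNoCSD`.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: client profile pinning the gateway and the WebVPN context. -->
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ServerList>
    <HostEntry>
      <!-- Label shown in the client's drop-down list (constructed value) -->
      <HostName>Router SSL VPN</HostName>
      <!-- Gateway FQDN; placeholder taken from the post -->
      <HostAddress>hostname.net</HostAddress>
      <!-- WebVPN context/domain from the post; assumed to be appended
           to HostAddress, giving hostname.net/CaosVPNNoCSD -->
      <UserGroup>CaosVPNNoCSD</UserGroup>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

Using the gateway's FQDN rather than its IP address in `HostAddress` keeps the name the client connects to in line with the name on the gateway certificate, which matters for the "cannot confirm it is connected to your secure gateway" class of error.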