cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
25609
Views
19
Helpful
5
Replies
gjohnson1963
Beginner

ClientLess VPN (Clientless (browser) SSL VPN access is not allowed.)

Clientless SSL VPN errors. I have two groups that I get from the main login(AnyConnectVPN & ClientLessVPN). AnyConnect works fine and start the Anyconnect Client. But when I chose the ClientLessVPN group  and login to access the web, I get this error (Clientless (browser) SSL VPN access is not allowed.).What am I missing, here is the config.

webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable

group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy ClientLessVPNGroup internal
group-policy ClientLessVPNGroup attributes
vpn-tunnel-protocol webvpn
webvpn
  svc ask none default webvpn
group-policy AnnyConnectVPNGroup internal
group-policy AnnyConnectVPNGroup attributes
vpn-tunnel-protocol svc
webvpn
  svc keep-installer none
tunnel-group ClientLessVPN type remote-access
tunnel-group ClientLessVPN general-attributes
default-group-policy ClientLessVPNGroup
tunnel-group ClientLessVPN webvpn-attributes
group-alias ClientLessVPN enable
tunnel-group AnnyConnectVPN type remote-access
tunnel-group AnnyConnectVPN general-attributes
address-pool VPNPOOL
default-group-policy AnnyConnectVPNGroup
tunnel-group AnnyConnectVPN webvpn-attributes
group-alias AnnyConnectVPN enable
group-url https://xx.xx.xx.xx/AnnyConnectVPN enable
!

5 REPLIES 5
Jennifer Halim
Cisco Employee

You are running and having AnyConnect Essential license on your ASA which does not support Clientless SSL VPN.

There are 2 types of SSL VPN license:

1) AnyConnect Essential license - only supports AnyConnect client connections

2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.

Hope that answers your question.

This is what is enabled,I have 10 SSL

Device License                        VPN Plus

AnyConnect Essentials            Enabled

SSL VPN Peers                      10

Double checked the LIC

Have 10 Premium User Lic

L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License

You can't have both AnyConnect Essential license and AnyConnect Premium license enabled at the same ASA. It is one or the other.

Since you have both enabled at the moment, if you would like to use the Clientless SSL VPN, you can disable the AnyConnect Essestial license, and make use of the 10 AnyConnect Premium license. But please kindly be advised that you will only have maximum of 10 concurrent SSL VPN connections.

Here is the command to disable AnyConnect Essential:

webvpn

  no anyconnect-essentials

Here is the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668278

Hope that answers your question.

Thanks, this solved my problem to  :-)

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (40%)

Content for Community-Ad