10-21-2010 12:47 PM
Clientless SSL VPN errors. I have two groups that I get from the main login(AnyConnectVPN & ClientLessVPN). AnyConnect works fine and start the Anyconnect Client. But when I chose the ClientLessVPN group and login to access the web, I get this error (Clientless (browser) SSL VPN access is not allowed.).What am I missing, here is the config.
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy ClientLessVPNGroup internal
group-policy ClientLessVPNGroup attributes
vpn-tunnel-protocol webvpn
webvpn
svc ask none default webvpn
group-policy AnnyConnectVPNGroup internal
group-policy AnnyConnectVPNGroup attributes
vpn-tunnel-protocol svc
webvpn
svc keep-installer none
tunnel-group ClientLessVPN type remote-access
tunnel-group ClientLessVPN general-attributes
default-group-policy ClientLessVPNGroup
tunnel-group ClientLessVPN webvpn-attributes
group-alias ClientLessVPN enable
tunnel-group AnnyConnectVPN type remote-access
tunnel-group AnnyConnectVPN general-attributes
address-pool VPNPOOL
default-group-policy AnnyConnectVPNGroup
tunnel-group AnnyConnectVPN webvpn-attributes
group-alias AnnyConnectVPN enable
group-url https://xx.xx.xx.xx/AnnyConnectVPN enable
!
10-21-2010 04:20 PM
You are running and having AnyConnect Essential license on your ASA which does not support Clientless SSL VPN.
There are 2 types of SSL VPN license:
1) AnyConnect Essential license - only supports AnyConnect client connections
2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.
Hope that answers your question.
10-22-2010 07:53 AM
This is what is enabled,I have 10 SSL
Device License VPN Plus
AnyConnect Essentials Enabled
SSL VPN Peers 10
10-22-2010 10:08 AM
Double checked the LIC
Have 10 Premium User Lic
L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License
10-22-2010 02:44 PM
You can't have both AnyConnect Essential license and AnyConnect Premium license enabled at the same ASA. It is one or the other.
Since you have both enabled at the moment, if you would like to use the Clientless SSL VPN, you can disable the AnyConnect Essestial license, and make use of the 10 AnyConnect Premium license. But please kindly be advised that you will only have maximum of 10 concurrent SSL VPN connections.
Here is the command to disable AnyConnect Essential:
webvpn
no anyconnect-essentials
Here is the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668278
Hope that answers your question.
09-15-2013 03:40 AM
Thanks, this solved my problem to :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide