10-21-2010 12:47 PM
Clientless SSL VPN errors. I have two groups that I get from the main login(AnyConnectVPN & ClientLessVPN). AnyConnect works fine and start the Anyconnect Client. But when I chose the ClientLessVPN group and login to access the web, I get this error (Clientless (browser) SSL VPN access is not allowed.).What am I missing, here is the config.
webvpn
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy ClientLessVPNGroup internal
group-policy ClientLessVPNGroup attributes
 vpn-tunnel-protocol webvpn
 webvpn
  svc ask none default webvpn
group-policy AnnyConnectVPNGroup internal
group-policy AnnyConnectVPNGroup attributes
 vpn-tunnel-protocol svc
 webvpn
  svc keep-installer none
tunnel-group ClientLessVPN type remote-access
tunnel-group ClientLessVPN general-attributes
 default-group-policy ClientLessVPNGroup
tunnel-group ClientLessVPN webvpn-attributes
 group-alias ClientLessVPN enable
tunnel-group AnnyConnectVPN type remote-access
tunnel-group AnnyConnectVPN general-attributes
 address-pool VPNPOOL
 default-group-policy AnnyConnectVPNGroup
tunnel-group AnnyConnectVPN webvpn-attributes
 group-alias AnnyConnectVPN enable
 group-url https://xx.xx.xx.xx/AnnyConnectVPN enable
!
 
					
				
		
10-21-2010 04:20 PM
You are running and having AnyConnect Essential license on your ASA which does not support Clientless SSL VPN.
There are 2 types of SSL VPN license:
1) AnyConnect Essential license - only supports AnyConnect client connections
2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.
Hope that answers your question.
10-22-2010 07:53 AM
This is what is enabled,I have 10 SSL
Device License VPN Plus
AnyConnect Essentials Enabled
SSL VPN Peers 10
10-22-2010 10:08 AM
Double checked the LIC
Have 10 Premium User Lic
L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License
 
					
				
		
10-22-2010 02:44 PM
You can't have both AnyConnect Essential license and AnyConnect Premium license enabled at the same ASA. It is one or the other.
Since you have both enabled at the moment, if you would like to use the Clientless SSL VPN, you can disable the AnyConnect Essestial license, and make use of the 10 AnyConnect Premium license. But please kindly be advised that you will only have maximum of 10 concurrent SSL VPN connections.
Here is the command to disable AnyConnect Essential:
webvpn
  no anyconnect-essentials
Here is the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668278
Hope that answers your question.
 
					
				
		
09-15-2013 03:40 AM
Thanks, this solved my problem to :-)
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide