Solved: Customize the clientless logon.html site in multiple context mode

Stefan Finnbjornsson · ‎10-19-2016

Hi,

I'm running ASA5585 in multiple mode and using the recently enabled remote access VPN features.

when I navigate the VPN gateway URI in browser I get the following message:

"Clientless VPN is not supported in Multiple Context mode."

Is there a way to edit the logon.html site ?

The "export webvpn customization" command is not available.

my idea was to remove the current text and add some links pointing towards the Anyconnect installation files.

Best regards!

Marvin Rhoads · ‎10-19-2016

As the message notes, you cannot use clientless SSL VPN on a multiple context ASA. Therefore you cannot customize the clientless portal.

View solution in original post

Marvin Rhoads · ‎10-19-2016

As the message notes, you cannot use clientless SSL VPN on a multiple context ASA. Therefore you cannot customize the clientless portal.

gbercsenyi · ‎06-20-2017

Hi Marwin,

I might have the same issue. Multi context ASA with AnyConnect VPN. What I try to achieve is to enable users to download (not only upgrade the existing) AnyConnect software image from the ASA.

Is there any workaround for this?

On every client I get the "Internal Server Error" message.

Thank you for your help,

Kind regards,

Gabor

Marvin Rhoads · ‎06-20-2017

The thread was about clientless. You are asking about client-based VPN.

What version of ASA software are you running?

Do you have something like:

webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-4.4.03034-k9.pkg 1

...in the relevant context configuration?

gbercsenyi · ‎06-21-2017

Hi Marvin,

Thank you for your reply. Here is the output from our firewall.

On an other (single context and older model) ASA I can go directly to the public IP (outside) of the ASA with any browser and I can get login screen with the selection of tunnel group. On this new ASA new software and Multi Context setup I receive only "Internal Server Error" message. If I have AnyConnect and on the client computer I can connect to the ASA with VPN, working as it should. Also if I wish I could update the client software based on the profile.xml configuration.

I am thinking, what can I do with the users who has no AnyConnect client software installed yet?

Sorry for my poor English,

Thank you for your help in advance.

show run webvpn
webvpn
 enable outside
 enable GUEST
 enable inside
 anyconnect image vflash:/anyconnect-win-4.4.03034-webdeploy-k9.pkg 1
 anyconnect image vflash:/anyconnect-linux64-4.4.03034-webdeploy-k9.pkg 2
 anyconnect image vflash:/anyconnect-macos-4.4.03034-webdeploy-k9.pkg 3
 anyconnect profiles AC-Profile-xxx-ad vflash:/AC-Profile-xxx-ad.xml
 anyconnect enable
 tunnel-group-list enable

show ver | i context
Cisco Adaptive Security Appliance Software Version 9.6(3)1 <context>

Marvin Rhoads · ‎06-21-2017

Have you allocated a storage-url?

There was a good discussion several months back with examples given in this thread:

https://supportforums.cisco.com/discussion/13135396/asa-962-anyconnect-multiple-context-mode

s.aliyarukunju · ‎11-29-2017

Hi ,

I am also having the same issue prompting with "Internal Server Error" , while accessing to the VPN portal.

I believe this is only with multi-context mode , since we do not have option to run "ssl-clientless " under the VPN tunnel-protocol as shown below.

ASA1(config-group-policy)# vpn-tunnel-protocol ?

group-policy mode commands/options:
ikev1 IKE version 1
ikev2 IKE version 2
ssl-client SSL VPN Client

Please let me know , if any of you got the solution for this fix.

Regards,

shiji