Well, I went to work

RvdKraats · ‎08-31-2016

Hi all,

I made some progress in getting WebVPN to work by upgrading from IOS 12.4 to 15.1 on my 1811 ISR.

It connects, asks for a user/password, but then it tells me it can't grab the SVC package, and there it stops.

The client however is already installed on the laptop, so there's no need to grab that package.

I tried it on my Chromebook also (with Anyconnect already installed too), but it also doesn't get beyond the user/password.

My question is: how do I make the Anyconnect client ignore the fact that there's no package installed on the 1811's flashcard, and just continue setting up the SSL connection?

I've tried all kinds of 'functions svc-enable/required' options, leaving that specific command out...but nothing helps.

Regards,

Rene.

pjain2 · ‎08-31-2016

WHen the anyconnect client complains that it cannot find the anyconnect package, it is looking for that on the router rather on the machine. hence, can you verify if you have anyconnect client image in the flash of the router and bind to the webvpn config.

below is the link which explains how to do so:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/904-cisco-router-anyconnect-webvpn.html

RvdKraats · ‎09-01-2016

Hi pjain2,

Thanks for looking into this. I'm pretty sure that the file isn't there; I left it out because the Anyconnect client is already installed on the machines that are supposed to make a connection.

Also, one is a Chromebook with the installed Anyconnect app; I'm pretty sure there's no Chromebook package to put on the router's flashcard.

It baffles me why the clients see this as an error as they already have the package installed; it feels like something is telling them they HAVE to install it from the router, no matter what.

Is there a way to let them ignore the fact that there's no client image installed?

I don't know if this is important or not, but I'm trying to set up tunnel mode.

Regards,

Rene.

pjain2 · ‎09-01-2016

it isn't trying to download the package from the router, rather having the client image is a necessity to built a vpn. you have to have an image on the router for the devices to be able to connect. you can install a windows pakg on the router and the chromebook users will also be able to connect

RvdKraats · ‎09-01-2016

pjain2,

I did not know this!

I'll try it immediately when I get home, thanks!

RvdKraats · ‎09-01-2016

pjain2,

Something that I was thinking of right now...

All clients are already installed, so I do not need a package pushed from the router.

Would it work (I'll try later when I get home) if I just left out the 'svc-enabled' and 'svc-required' commands? Maybe the router won't push the package that way?

Rene.

RvdKraats · ‎09-02-2016

Well, I went to work yesterday evening. I tried fiddling with the 'function svc-enabled / required' setting, but the result was the same; Windows (or maybe the router) complained about not finding the svc package, and my Chromebook threw a 'unknown error'.

I tried logging into the webpage first, that worked, but starting the anyconnect software after that didn't result in succes.

I also tried to put the Windows Anyconnect package on the flashcard (although I still don't understand how that would help the Chromebook, but apparently Chromebooks CAN work with Cisco SSL VPN too), but alas...when running the 'webvpn svc install' command it turned out my flashcard had too little capacity :(

IOS 15.1: Using Anyconnect/WebVPN without forcing a package download.