01-26-2013 08:13 PM
Hi all,
I've been trying to set up an SSL VPN on my 1841 lab router but with no luck. I tried both clientless (AnyConnect 2.5) and using a VPN client (AnyConnect 3.0).
I'm using a Win 7 PC with IP 172.16.1.50 directly connected to the 1841 FE0/1 port. I tried disabling the PC FW, used both IE and FF, and deleted cookies, but to no avail. Below are my config and some show and debug output. Could someone advise if my config is OK and what other steps I should take? Thanks in advance!
SSL_VPN_GW#show webvpn gateway
Gateway Name Admin Operation
------------ ----- ---------
SSL_VPN_GW up up
SSL_VPN_GW#show webvpn context
Codes: AS - Admin Status, OS - Operation Status
VHost - Virtual Host
Context Name Gateway Domain/VHost VRF AS OS
------------ ------- ------------ ------- ---- --------
SSL_VPN_CONTEXT SSL_VPN_ - - up up
SSL_VPN_GW#debug webvpn
WebVPN debugs debugging is on
SSL_VPN_GW#
Jan 27 03:19:56.691: SSLVPN: [Q]Client side Chunk data written..
buffer=0x649035B8 total_len=2033 bytes=2033 tcb=0x642479E8
Jan 27 03:19:56.691: SSLVPN: Client side Chunk data written..
buffer=0x64903598 total_len=1121 bytes=1121 tcb=0x642479E8
Jan 27 03:19:56.691: SSLVPN: sslvpn process rcvd context queue event
SSL_VPN_GW#
Jan 27 03:21:15.711: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:21:15.715: SSLVPN: sslvpn process rcvd context queue event
SSL_VPN_GW#
Jan 27 03:21:20.775: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:21:20.779: SSLVPN: Entering APPL with Context: 0x647037A0,
Data buffer(buffer: 0x649035D8, data: 0xE7201D98, len: 1,
offset: 0, domain: 0)
Jan 27 03:21:20.779: SSLVPN: Fragmented App data - buffered
Jan 27 03:21:20.779: SSLVPN: Entering APPL with Context: 0x647037A0,
Data buffer(buffer: 0x64903598, data: 0xE75C0BB8, len: 483,
offset: 0, domain: 0)
Jan 27 03:21:20.779: SSLVPN: Appl. processing Failed : 2
Jan 27 03:21:20.779: SSLVPN: server side not ready to send.
SSL_VPN_GW#
Jan 27 03:21:50.879: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:21:50.883: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:21:50.887: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:21:50.887: SSLVPN: Entering APPL with Context: 0x647037A0,
Data buffer(buffer: 0x64903598, data: 0xE75BD6B8, len: 1,
offset: 0, domain: 0)
Jan 27 03:21:50.887: SSLVPN: Fragmented App data - buffered
Jan 27 03:21:50.887: SSLVPN: Entering APPL with Context: 0x647037A0,
Data buffer(buffer: 0x649035D8, data: 0xE7203058, len: 483,
offset: 0, domain: 0)
Jan 27 03:21:50.887: SSLVPN: Appl. processing Failed : 2
SSL_VPN_GW#
Jan 27 03:21:50.887: SSLVPN: server side not ready to send.
SSL_VPN_GW#
Jan 27 03:22:20.367: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:20.367: SSLVPN: sslvpn process rcvd context queue event
SSL_VPN_GW#
Jan 27 03:22:21.791: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:21.795: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:21.799: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:21.799: SSLVPN: Entering APPL with Context: 0x64703988,
Data buffer(buffer: 0x649035D8, data: 0xE7204718, len: 426,
offset: 0, domain: 0)
Jan 27 03:22:21.799: SSLVPN: Appl. processing Failed : 2
Jan 27 03:22:21.799: SSLVPN: server side not ready to send.
Jan 27 03:22:22.599: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:22.603: SSLVPN: sslvpn process rcvd context queue event
SSL_VPN_GW#
Jan 27 03:22:23.691: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.695: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.699: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.699: SSLVPN: Entering APPL with Context: 0x64703B70,
Data buffer(buffer: 0x649035D8, data: 0xE7203058, len: 147,
offset: 0, domain: 0)
Jan 27 03:22:23.699: SSLVPN: http request: / with no cookie
Jan 27 03:22:23.699: SSLVPN: Client side Chunk data written..
buffer=0x64903598 total_len=196 bytes=196 tcb=0x642DA46C
Jan 27 03:22:23.699: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.811: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.815: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.927: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.931: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.935: SSLVPN: sslvpn process rcvd context queue event
Jan 27 03:22:23.935: SSLVPN: Entering APPL with Context: 0x64703F40,
Data buffer(buffer: 0x649035D8, data: 0xE7204A58, len: 200,
offset: 0, domain: 0)
Jan 27 03:22:23.935: SSLVPN: http request: /webvpn.html with domain cookie
SSL_VPN_GW#
Jan 27 03:22:23.939: SSLVPN: [Q]Client side Chunk data written..
buffer=0x64903598 total_len=2033 bytes=2033 tcb=0x640B5608
Jan 27 03:22:23.939: SSLVPN: Client side Chunk data written..
buffer=0x649035B8 total_len=1121 bytes=1121 tcb=0x640B5608
Jan 27 03:22:23.939: SSLVPN: sslvpn process rcvd context queue event
----
AnyConnect v3.0.0629
[Sun Jan 27 11:46:15 2013] Contacting 172.16.1.254.
[Sun Jan 27 11:46:38 2013] Connection attempt has failed.
[Sun Jan 27 11:48:52 2013] Contacting 172.16.1.254.
[Sun Jan 27 11:49:06 2013] Connection attempt has failed.
[Sun Jan 27 11:52:16 2013] Network error. Unable to lookup host names.
[Sun Jan 27 11:52:46 2013] Verify your network connection.
[Sun Jan 27 11:52:53 2013] Network error. Unable to lookup host names.
[Sun Jan 27 11:53:23 2013] Verify your network connection.
----
SSL_VPN_GW#sh run
Building configuration...
Current configuration : 3203 bytes
!
! Last configuration change at 03:19:18 UTC Sun Jan 27 2013
! NVRAM config last updated at 02:52:22 UTC Sun Jan 27 2013
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SSL_VPN_GW
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login SSL_VPN_AUTHENTICATION local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip name-server 172.16.1.254
!
!
crypto pki trustpoint TP-self-signed-514137430
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-514137430
revocation-check none
rsakeypair TP-self-signed-514137430
!
!
crypto pki certificate chain TP-self-signed-514137430
certificate self-signed 02
quit
username vpnuser password 0 cisco123
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
duplex auto
speed auto
!
ip local pool SSL_VPN_POOL 192.168.1.10 192.168.1.150
!
!
ip http server
ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
!
webvpn gateway SSL_VPN_GW
ip address 172.16.1.254 port 443
http-redirect port 80
ssl encryption 3des-sha1 aes-sha1
ssl trustpoint TP-self-signed-514137430
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context SSL_VPN_CONTEXT
ssl authenticate verify all
!
!
policy group SSL_VPN_POLICY
functions svc-enabled
banner "Welcom to SSL VPN Lab"
svc address-pool "SSL_VPN_POOL"
svc keep-client-installed
default-group-policy SSL_VPN_POLICY
aaa authentication list SSL_VPN_AUTHENTICATION
gateway SSL_VPN_GW
inservice
!
end
01-26-2013 11:20 PM
Just an update: when I tried a different encryption under the webvpn gateway config, it seemed to work (clientless).
I guess my Windows 7 machine doesn't like the stronger encryption types.
SSL_VPN_GW(config-webvpn-gateway)#no ssl encryption 3des-sha1 aes-sha1
SSL_VPN_GW(config-webvpn-gateway)#ssl encryption rc4-md5
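An added example, not part of the original posts: a small Python audit run over the relevant lines of the configuration above, in its state after the rc4-md5 change. It flags gateway cipher suites built on RC4 or MD5 and local users whose password is stored as type 0 (cleartext); the function name `audit` and the trimmed sample config are assumptions of this example.

```python
import re

# Constructed sample: the relevant lines of the configuration posted above,
# with the gateway cipher list as it stands after the rc4-md5 change.
SAMPLE_CONFIG = """\
username vpnuser password 0 cisco123
!
webvpn gateway SSL_VPN_GW
 ip address 172.16.1.254 port 443
 ssl encryption rc4-md5
 ssl trustpoint TP-self-signed-514137430
 inservice
!
webvpn install svc flash:/webvpn/svc.pkg
"""

# RC4 is prohibited in TLS by RFC 7465; MD5 is collision-broken.
WEAK_ALGS = ("rc4", "md5")

def audit(config):
    """Return (location, finding) tuples for an IOS running-config text."""
    findings = []
    gateway = None  # name of the webvpn gateway block we are inside, if any
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        m = re.match(r"webvpn gateway (\S+)", line)
        if m:
            gateway = m.group(1)
            continue
        if line == "!" or line.startswith("webvpn "):
            gateway = None  # left the gateway block
        if gateway and line.startswith("ssl encryption "):
            suites = line.split()[2:]
            weak = [s for s in suites if any(a in s for a in WEAK_ALGS)]
            if weak:
                findings.append((f"gateway {gateway}", "weak suites: " + " ".join(weak)))
            if weak == suites:
                findings.append((f"gateway {gateway}", "no other suite offered"))
        m = re.match(r"username (\S+) password 0 ", line)
        if m:  # type 0 means the password is stored unencrypted
            findings.append((f"user {m.group(1)}", "cleartext (type 0) password"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```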