cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3193
Views
5
Helpful
10
Replies

Multi-Context AnyConnect Client profile page not working

neteng2323
Level 1
Level 1

I am working on getting AnyConnect functional with a context on a multi-context 5585.  Most everything that is supposed to work is working, except the AnyConnect Client Profile page.  I've attached a screen shot of what it displays.  I've tried a different version of ASDM and it does the same thing. 

 

As anyone run into this in multi-context mode?

 

 

1 Accepted Solution

Accepted Solutions

I just had the same problem and I found a workaround that worked for me at least.

When I connect to the ASA with its FQDN it will always fail however if I type the IP into ASDM instead it works just fine.

 

Give it a try.

 

 

View solution in original post

10 Replies 10

Rahul Govindan
VIP Alumni
VIP Alumni

What's the version of the ASA and ASDM? ASDM 7.6(2) and above versions supports client profile with multiple-context. 

ASA is 9.7(1)21 and ASDM is 7.8(1)150.

 

Additionally, I've tried 3 other versions of ASDM on 2 different machines and it's the same behaviour.  I've got the profile setup via the CLI, but basic testing shows it's not taking affect.  Also, under the group policy settings I can't add or edit.  Clicking either button does nothing.  

Was this every working at any point? I could not find any open customer-facing bugs for profile editor on multi-context ASDM. Quick question. What version of the Anyconnect client do you have added to the Anyconnect image section? To add a new profile using ASDM, you must have the AnyConnect Secure Mobility Client release 4.2.00748 or 4.3.03013 and later.

 

Another thing to note is the flash file system availability for the contexts. With the support for profiles and Anyconnect images, you would have to create private virtual flashes that can be used only by the respective context. If not already done, can you check the steps given here:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html#anc10

 

I have created private storage for only this context.  Additionally, the anyconnect image is there, and it's 4.4.  It behaves like a bug.  I'll probably open a TAC case to investigate it further.

I did some further testing and it appears adding the AnyConnect image is what breaks the Profile editor, and Group Policy.  Removing it allows me to add and edit in the GP section again, and shows the Client Policy section again. Bizarre.  I tried a different version of AC client, this time 4.5 and it's doing the same thing.

Hi! I have the same problem on my ASA. Did you find any way to solve this?

We are using shared AnyConnected image files, ASDM 7.9(2)152 and ASA 9.9(2)9 in multiple context mode.

Best regards
Daniel

Sorry I'm just getting around to replying to this.  See the accepted solution.  It's weird but that does seem to fix it.  I opened a TAC case and after working with an Engineer on 3 separate occasions I demonstrated that using the IP as opposed to the FQDN is a work around.  Cisco published a bug based on my case, and I don't think it's been addressed yet.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn14397/?rfs=iqvred

Interesting. Good to know about that bug - thanks for sharing the work around.

I just had the same problem and I found a workaround that worked for me at least.

When I connect to the ASA with its FQDN it will always fail however if I type the IP into ASDM instead it works just fine.

 

Give it a try.

 

 

I have had a similar issue, what I found is that if you add the linux pkg to client software you are able to get to the profile editor and add, edit and remove profiles