04-12-2018 11:47 AM - edited 03-12-2019 05:11 AM
I am working on getting AnyConnect functional with a context on a multi-context 5585. Most everything that is supposed to work is working, except the AnyConnect Client Profile page. I've attached a screen shot of what it displays. I've tried a different version of ASDM and it does the same thing.
As anyone run into this in multi-context mode?
Solved! Go to Solution.
10-15-2018 09:03 PM
I just had the same problem and I found a workaround that worked for me at least.
When I connect to the ASA with its FQDN it will always fail however if I type the IP into ASDM instead it works just fine.
Give it a try.
04-12-2018 01:17 PM
What's the version of the ASA and ASDM? ASDM 7.6(2) and above versions supports client profile with multiple-context.
04-12-2018 01:39 PM - edited 04-12-2018 01:51 PM
ASA is 9.7(1)21 and ASDM is 7.8(1)150.
Additionally, I've tried 3 other versions of ASDM on 2 different machines and it's the same behaviour. I've got the profile setup via the CLI, but basic testing shows it's not taking affect. Also, under the group policy settings I can't add or edit. Clicking either button does nothing.
04-13-2018 07:48 AM
Was this every working at any point? I could not find any open customer-facing bugs for profile editor on multi-context ASDM. Quick question. What version of the Anyconnect client do you have added to the Anyconnect image section? To add a new profile using ASDM, you must have the AnyConnect Secure Mobility Client release 4.2.00748 or 4.3.03013 and later.
Another thing to note is the flash file system availability for the contexts. With the support for profiles and Anyconnect images, you would have to create private virtual flashes that can be used only by the respective context. If not already done, can you check the steps given here:
04-16-2018 10:50 AM
I have created private storage for only this context. Additionally, the anyconnect image is there, and it's 4.4. It behaves like a bug. I'll probably open a TAC case to investigate it further.
04-16-2018 11:20 AM - edited 04-16-2018 11:22 AM
I did some further testing and it appears adding the AnyConnect image is what breaks the Profile editor, and Group Policy. Removing it allows me to add and edit in the GP section again, and shows the Client Policy section again. Bizarre. I tried a different version of AC client, this time 4.5 and it's doing the same thing.
09-26-2018 12:58 AM
03-10-2019 02:11 PM
Sorry I'm just getting around to replying to this. See the accepted solution. It's weird but that does seem to fix it. I opened a TAC case and after working with an Engineer on 3 separate occasions I demonstrated that using the IP as opposed to the FQDN is a work around. Cisco published a bug based on my case, and I don't think it's been addressed yet.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn14397/?rfs=iqvred
03-10-2019 08:06 PM
Interesting. Good to know about that bug - thanks for sharing the work around.
10-15-2018 09:03 PM
I just had the same problem and I found a workaround that worked for me at least.
When I connect to the ASA with its FQDN it will always fail however if I type the IP into ASDM instead it works just fine.
Give it a try.
07-13-2022 02:48 AM
I have had a similar issue, what I found is that if you add the linux pkg to client software you are able to get to the profile editor and add, edit and remove profiles
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide