Portalpage not shown for Anyconnect SSL on ASA

juergenwe
Level 1

Hello,

I am trying to configure Anyconnect SSL on an ASA 5520 (hot standby), 8.4(5), ASDM 7.1(1)52.

The goal: users should log in to the portal page and download the Anyconnect client software that is already in place on disk0.

IPSec VPN Client access (certificate based) is already working on the same interface. Anyconnect users should use the same authentication as IPSec users. In this case it is x-auth via RADIUS.

In ASDM I followed "Wizard -> Anyconnect VPN Wizard" but it is not working: the portalpage is not shown on https://<ASA-outside-adress>.

I would very much appreciate any idea that guides me in the right direction.

Best Regards
Juergen

5 Replies

juergenwe
Level 1

Now the Portalpage is working ... but only on the inside interface

Login, authentication and subsequent Anyconnect Client download are working, and the IP address is given by a local ASA pool ... still a problem: no packets are routed through the tunnel.

When connecting to the outside interface, the HTTPS request times out. The ASA logging shows

"Mar 12 15:23:44 fw-mytestasa : %ASA-7-710005: TCP request discarded from 200.200.200.200/4399 to INTERNET:123.123.123.123/443"

Any idea why the request to the INTERNET interface is discarded?

Best Regards

Juergen

sh run webvpn:

webvpn
 enable inside
 enable INTERNET
 anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1 regex "Windows NT"
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.02026-k9.pkg 2 regex "Intel Mac OS X"
 anyconnect image disk0:/anyconnect-linux-3.1.02026-k9.pkg 3 regex "Linux"
 anyconnect enable
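
The symptom in the post above (webvpn enabled on an interface, yet %ASA-7-710005 discards for TCP/443 on that same interface) can be checked mechanically. The following is an added example, not part of the original thread and not Cisco code; the function names are hypothetical, the sample data is constructed from the post's log line and config, and the config parser assumes the usual one-space indentation of sub-commands in `sh run webvpn` output.

```python
import re

# %ASA-7-710005 in the form shown in the post:
# "<proto> request discarded from <src>/<sport> to <ifname>:<dst>/<dport>"
DISCARD_RE = re.compile(
    r"%ASA-7-710005: (?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<ifname>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def webvpn_interfaces(config_text):
    """Interface names that appear as 'enable <ifname>' inside the webvpn block."""
    names, in_webvpn = set(), False
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # a new top-level config section starts
            in_webvpn = line.strip() == "webvpn"
            continue
        parts = line.split()
        if in_webvpn and len(parts) == 2 and parts[0] == "enable":
            names.add(parts[1])
    return names

def discarded_on_webvpn(log_lines, config_text, port=443):
    """Discarded TCP requests to `port` on interfaces where webvpn is enabled."""
    enabled = webvpn_interfaces(config_text)
    hits = []
    for line in log_lines:
        m = DISCARD_RE.search(line)
        if (m and m["proto"] == "TCP" and int(m["dport"]) == port
                and m["ifname"] in enabled):
            hits.append((m["ifname"], m["src"], m["dst"]))
    return hits

# Constructed sample: config shaped like the post's output, plus one unrelated section.
SAMPLE_CONFIG = """\
webvpn
 enable inside
 enable INTERNET
 anyconnect enable
ssh timeout 5
"""
# First line is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    "Mar 12 15:23:44 fw-mytestasa : %ASA-7-710005: TCP request discarded from 200.200.200.200/4399 to INTERNET:123.123.123.123/443",
    "Mar 12 15:23:50 fw-mytestasa : %ASA-7-710005: TCP request discarded from 200.200.200.200/4400 to INTERNET:123.123.123.123/23",
    "Mar 12 15:24:01 fw-mytestasa : %ASA-7-710005: UDP request discarded from 10.0.0.5/137 to inside:10.0.0.255/137",
]

if __name__ == "__main__":
    for ifname, src, dst in discarded_on_webvpn(SAMPLE_LOG, SAMPLE_CONFIG):
        print(f"webvpn enabled on {ifname}, but HTTPS from {src} to {dst} was discarded")
```

A non-empty result means the running config and the data path disagree for that interface, which is the situation described in the post.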

Hello Juergen,

That command should enable it on the outside interface.

Are you still experiencing issues?

HTH.

Portu.

Hello Javier,

thanks a lot for your reply.

Are you still experiencing issues? --> Yes, still not working on the INTERNET interface. What is strange: there is no TCP handshake between the client PC and the ASA, only the above-mentioned "TCP request discarded" logging message.

So there must be an interface-dependent way to enable/disable the webvpn/portalpage; the commands

webvpn
 enable inside
 enable INTERNET

obviously are not enough.

Regards

Juergen

Juergen,

Would it be possible to reload this ASA?

Thanks.