
Remote Access VPN - Cisco ASA 5520

ciscokalpesh

Hi,

I am trying to configure Remote Access VPN in our Cisco ASA 5520 firewall through SSL VPN wizard. I tried to configure the AnyConnect VPN client option, but after entering user/pass it gives the error "An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator. The following message was received from the remote VPN device: No assigned address"

Can someone guide on this ?

Looking online, there is no easy step-by-step option for the same. I want to provide Remote Access VPN to some of our users abroad who should have access to a few server applications and no internet access.

Can someone provide any step-by-step guide for such a configuration?

Thanks in advance.

K


You need to configure an IP pool from which the client can get an IP address. This pool needs to be assigned to the tunnel-group. It could look like this:

ip local pool VPN-POOL-INT 10.10.10.96-10.10.10.127 mask 255.255.255.255
!
tunnel-group VPN general-attributes
 address-pool VPN-POOL-INT

Sent from Cisco Technical Support iPad App

Hello Karsten,

Thanks for reply,

I have done that, but same error.

Thanks,

K

Please paste your config to look for any mistakes.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hello Karsten,

Thanks for reply.

I tried to configure it again as per steps in following link

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

After that I am not getting the "No assigned address" error.

When I attempt to connect, it connects and, as per the VPN session in the firewall, it assigns an IP etc. Also I can see the IP address assigned in the local PC through Windows, but no details in the VPN client "statistics" tab.

The VPN client just hangs with status - "Establishing VPN - Configuring system..."

The internet in the local computer also stops working.

Please guide.

Thanks,

K

Please paste your config to look for any mistakes.


Hello Karsten,

Thanks for your response.

Please find the "debug webvpn svc 255" output. Seems no error !

>>>>>>>>>>>>>>>>>>>>>>>

FIREWALL(config)#

FIREWALL(config)# webvpn_rx_data_tunnel_connect

CSTP state = HEADER_PROCESSING

http_parse_cstp_method()

...input: 'CONNECT /CSCOSSLC/tunnel HTTP/1.1'

webvpn_cstp_parse_request_field()

...input: 'Host: X.X.X.X' (I HAVE REMOVED THE IP)

Processing CSTP header line: 'Host: x.x.x.x' (I HAVE REMOVED THE IP)

webvpn_cstp_parse_request_field()

...input: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133'

Processing CSTP header line: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0133'

Setting user-agent to: 'Cisco AnyConnect VPN Agent for Windows 2.2.0133'

webvpn_cstp_parse_request_field()

...input: 'Cookie: webvpn=2518072232@118784@1358898856@BA6816D0785E96793F96BF0E0B94296FD82CE5E6'

Processing CSTP header line: 'Cookie: webvpn=2518072232@118784@1358898856@BA6816D0785E96793F96BF0E0B94296FD82CE5E6'

Found WebVPN cookie: 'webvpn=2518072232@118784@1358898856@BA6816D0785E96793F96BF0E0B94296FD82CE5E6'

WebVPN Cookie: 'webvpn=2518072232@118784@1358898856@BA6816D0785E96793F96BF0E0B94296FD82CE5E6'

IPADDR: '2518072232', INDEX: '118784', LOGIN: '1358898856'

webvpn_cstp_parse_request_field()

...input: 'X-CSTP-Version: 1'

Processing CSTP header line: 'X-CSTP-Version: 1'

Setting version to '1'

webvpn_cstp_parse_request_field()

...input: 'X-CSTP-Hostname: itdep'

Processing CSTP header line: 'X-CSTP-Hostname: itdep'

Setting hostname to: 'itdep'

webvpn_cstp_parse_request_field()

...input: 'X-CSTP-Accept-Encoding: deflate;q=1.0'

Processing CSTP header line: 'X-CSTP-Accept-Encoding: deflate;q=1.0'

webvpn_cstp_parse_request_field()

...input: 'X-CSTP-MTU: 1406'

Processing CSTP header line: 'X-CSTP-MTU: 1406'

webvpn_cstp_parse_request_field()

...input: 'X-CSTP-Address-Type: IPv4'

Processing CSTP header line: 'X-CSTP-Address-Type: IPv4'

webvpn_cstp_parse_request_field()

...input: 'X-DTLS-Master-Secret: 78A00581C0015DA7CA7256A9E0AC1E206B90C8093D19D2412AC5D3C1F9F5A926C48B90BE47C870CE884E6311C41320D2'

Processing CSTP header line: 'X-DTLS-Master-Secret: 78A00581C0015DA7CA7256A9E0AC1E206B90C8093D19D2412AC5D3C1F9F5A926C48B90BE47C870CE884E6311C41320D2'

webvpn_cstp_parse_request_field()

...input: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'

Processing CSTP header line: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'

SVC: NP setup

np_svc_create_session(0x1D000, 0xC75097F0, TRUE)

webvpn_svc_np_setup

SVC ACL Name: NULL

SVC ACL ID: -1

SVC ACL ID: -1

No SVC ACL

SVC IPv6 ACL Name: NULL

SVC IPv6 ACL ID: -1

SVC: adding to sessmgmt

SVC: Sending response

Unable to initiate NAC, NAC might not be enabled or invalid policy

CSTP state = CONNECTED

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Please note that as soon as the VPN connection is made, the internet stops working on the local computer. I suppose this is the reason that it hangs and then gives the "Unable to establish VPN" error.

The entire config of the firewall is too big and would not prefer to put online. If you can guide based on above debug output or otherwise would appreciate.

Thanks again.

K
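Added example, not part of the thread and not Cisco tooling: a Python sketch that scrubs `debug webvpn svc 255` output of the shape posted above before it is shared, and flags three things visible in such output (a live session cookie or DTLS master secret, legacy DES/3DES suites in the DTLS offer, and no ACL bound to the session). The sample lines are constructed, and reading `SVC ACL Name: NULL` as "no per-session filter ACL" is an assumption.

```python
import re

# Constructed sample in the format of the debug output above; every value
# (address, cookie, master secret) is made up for this example.
SAMPLE = """\
...input: 'Host: 192.0.2.1'
...input: 'Cookie: webvpn=1111111111@4096@1700000000@0123456789ABCDEF01234567'
Found WebVPN cookie: 'webvpn=1111111111@4096@1700000000@0123456789ABCDEF01234567'
...input: 'X-DTLS-Master-Secret: AABBCCDDEEFF00112233445566778899'
...input: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
SVC ACL Name: NULL
CSTP state = CONNECTED
"""

# Secret-bearing values: the WebVPN session cookie and the DTLS master secret.
# The lookahead skips values that were already redacted.
SECRET_RE = re.compile(r"(webvpn=|X-DTLS-Master-Secret: )(?!<REDACTED>)[^'\s]+")
HOST_RE = re.compile(r"(Host: )[^'\s]+")
CIPHERS_RE = re.compile(r"X-DTLS-CipherSuite: ([^'\n]+)")
LEGACY_SUITES = {"DES-CBC-SHA", "DES-CBC3-SHA"}  # single DES and 3DES

def redact(text):
    """Replace secrets and the gateway address; safe to run more than once."""
    text = SECRET_RE.sub(r"\1<REDACTED>", text)
    return HOST_RE.sub(r"\1<REDACTED>", text)

def findings(text):
    """Return short tags for the security-relevant items in the output."""
    tags = []
    if SECRET_RE.search(text):
        tags.append("secret-in-debug")
    offer = CIPHERS_RE.search(text)
    if offer:
        legacy = [s for s in offer.group(1).split(":") if s in LEGACY_SUITES]
        if legacy:
            tags.append("weak-dtls-offer:" + ",".join(legacy))
    # Assumption: NULL here means no filter ACL is applied to the session.
    if re.search(r"^SVC ACL Name: NULL$", text, re.M):
        tags.append("no-session-acl")
    return tags

if __name__ == "__main__":
    print(findings(SAMPLE))
    print(redact(SAMPLE))
```
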

Hi,

Also to mention, when the vpn client assigns ip/gateway settings, the gateway address of the local computer is removed.

...... !!!

Hello,

Strange, but the issue was with the local computer I was testing. I changed it and it is getting connected successfully.

After connection the internet is now working in the local computer.

Thanks,

K
