SSL VPN Connection Issue

CSCO12161309
Level 1

Having an issue with an SSL VPN I can't seem to get past. Using AnyConnect software on a PC or an Android phone, I am not able to send any traffic through the tunnel. The client is able to authenticate beforehand successfully and is assigned a private IP via the pool configured, as it's supposed to, but nothing there. I have listed the configuration below along with the debugs. I have omitted any public IP information. The debugs say there is an issue with an ACL, but everything appears correct. Any help would be most appreciated.

*************Equipment/Software

Cisco 2851 Router Version 15.4(M9) Software

anyconnect-win-3.1.07021-k9.pkg

*************Configuration

ip local pool webvpn1 172.16.100.80 172.16.100.90
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
!
ip access-list extended webvpn-acl
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.60 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.70 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 22
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq www
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 443

webvpn gateway CCIELAB
 hostname Porshe_GT3
 ip interface GigabitEthernet0/0 port 443
 http-redirect port 80
 ssl trustpoint my-sslvpn-ca
 inservice
 !
webvpn install svc flash:/webvpn/anyconnect-win-3.1.07021-k9.pkg sequence 1
 !
webvpn context CCIELab
 title "Networking Lab"
 ssl authenticate verify all
 !
 login-message "All Sessions are logged and monitored.Please be respectful and if any questions contact remzrr@gmail.com"
 !
 policy group Labrats
   functions svc-enabled
   banner "Success, You Made It"
   filter tunnel webvpn-acl
   svc address-pool "webvpn1" netmask 255.255.255.0
   svc keep-client-installed
   svc rekey method new-tunnel
   svc split include 172.16.100.0 255.255.255.0
 default-group-policy Labrats
 aaa authentication list webvpn
 gateway CCIELAB
 inservice

 

*********************Debugs

*May  2 09:12:50.601: [WV-TUNL-PAK]:[4BB44B08] TxServer, Forwarding the pak 4A2D3B94
*May  2 09:12:50.601: [WV-TUNL-PAK]: IP4 Len =60 Src =172.16.100.87 Dst =172.16.100.8 Prot =6 
*May  2 09:12:50.601: [WV-TUNL-PAK]:TCP sport=53571, dport=2001, seq=4091902471 ack=0, bits=SYN 
*May  2 09:12:50.601: [WV-TUNL-PAK]:[4BB44B08] TxServer, Pak 4A2D3B94 failed ACL webvpn-acl
*May  2 09:13:19.841: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May  2 09:19:57.757: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, Recd DPD Req frame (User RemzRR, IP 172.16.100.87)
*May  2 09:19:57.757: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, Sending DPD Res frame (User RemzRR, IP 172.16.100.87)
*May  2 09:25:27.925: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May  2 09:25:58.025: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May  2 09:26:28.509: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped
*May  2 09:27:00.381: [WV-TUNL-EVT]:[4BB44B08] CSTP Control, KeepAlive Detected. Dropped

*********************Verification

Porshe_GT3#show webvpn policy group Labrats context all
WEBVPN: group policy = Labrats ; context = CCIELab
      banner = "Success, You Made It"
      idle timeout = 2100 sec
      session timeout = Disabled
      functions = 
                svc-enabled 

      citrix disabled
      address pool name = "webvpn1"
      netmask = 255.255.255.0
      tunnel-mode filter = "webvpn-acl"
      dpd client timeout = 300 sec
      dpd gateway timeout = 300 sec
      keepalive interval = 30 sec
      SSLVPN Full Tunnel mtu size = 1406 bytes
      keep sslvpn client installed = enabled
      rekey interval = 3600 sec
      rekey method = new-tunnel 
      lease duration = 43200 sec
      split include = 172.16.100.0 255.255.255.0
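The debug line "TxServer, Pak 4A2D3B94 failed ACL webvpn-acl" can be checked against the posted filter by hand: the SYN is from pool address 172.16.100.87 to 172.16.100.8 on TCP port 2001, and none of the six permit entries in webvpn-acl names port 2001, so the packet falls through to the implicit deny that ends every IOS ACL. The Python below is added here as an example; it is not code from the original post or from Cisco. It parses that ACL and the two [WV-TUNL-PAK] packet lines copied from the debug, applies first-match evaluation with the implicit deny, and reports the verdict, then shows the same flow on port 22 matching the fourth entry. It is a simplified model of IOS behaviour: only "eq" port qualifiers, a small table of port keywords, contiguous wildcard masks, no "established", "range" or "log". The extra "eq 2001" entry at the end is an assumption used only to show what the filter would need for that flow to hit a permit; the thread does not say that port should be opened.

```python
"""Cisco IOS extended ACL evaluator run over WebVPN [WV-TUNL-PAK] debug lines.

Added example, not code from the original post or from Cisco. The ACL text and the
two debug lines are copied from the thread; the matching logic is a simplified model
of IOS first-match evaluation ending in the implicit deny (assumptions: 'eq' only,
a small port-keyword table, contiguous wildcard masks, no established/range/log).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}  # subset of IOS keywords
PROTO_NUMS = {"ip": None, "tcp": 6, "udp": 17}                    # None means any protocol

# Copied from the posted configuration.
WEBVPN_ACL = """\
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.60 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.70 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq telnet
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 22
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq www
 permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 443
"""

# Copied from the posted debug: the two packet lines just before the ACL failure.
DEBUG = """\
*May  2 09:12:50.601: [WV-TUNL-PAK]: IP4 Len =60 Src =172.16.100.87 Dst =172.16.100.8 Prot =6
*May  2 09:12:50.601: [WV-TUNL-PAK]:TCP sport=53571, dport=2001, seq=4091902471 ack=0, bits=SYN
"""

@dataclass
class Ace:
    action: str
    proto: Optional[int]           # IP protocol number, None = any
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None = any destination port
    text: str                      # original entry, for reporting

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' and return a network."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if t == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    netmask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens.pop(0)))  # invert IOS wildcard
    prefixlen = bin(netmask).count("1")
    if netmask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous wildcard masks are not modelled here")
    return ipaddress.IPv4Network((t, prefixlen), strict=False)

def _take_port(tokens):
    """Consume an optional 'eq PORT'; PORT is a number or an IOS keyword."""
    if tokens[:1] != ["eq"]:
        return None
    tokens.pop(0)
    p = tokens.pop(0)
    return PORT_NAMES[p] if p in PORT_NAMES else int(p)

def parse_acl(text):
    aces = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        action, proto, rest = tokens[0], PROTO_NUMS[tokens[1]], tokens[2:]
        src, dst = _take_addr(rest), _take_addr(rest)
        aces.append(Ace(action, proto, src, dst, _take_port(rest), raw.strip()))
    return aces

PAK_IP = re.compile(r"IP4 Len =(\d+) Src =(\S+) Dst =(\S+) Prot =(\d+)")
PAK_L4 = re.compile(r"(?:TCP|UDP) sport=(\d+), dport=(\d+)")

def parse_debug(text):
    """Pair each IP4 header line with the TCP/UDP line that follows it."""
    pkts, cur = [], None
    for line in text.splitlines():
        m = PAK_IP.search(line)
        if m:
            cur = {"src": m.group(2), "dst": m.group(3), "proto": int(m.group(4)),
                   "sport": None, "dport": None}
            pkts.append(cur)
            continue
        m = PAK_L4.search(line)
        if m and cur is not None:
            cur["sport"], cur["dport"] = int(m.group(1)), int(m.group(2))
    return pkts

def evaluate(aces, pkt):
    """First matching entry wins; falling off the end is the IOS implicit deny."""
    src, dst = ipaddress.IPv4Address(pkt["src"]), ipaddress.IPv4Address(pkt["dst"])
    for ace in aces:
        if ace.proto is not None and ace.proto != pkt["proto"]:
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt["dport"]:
            continue
        return ace.action, ace.text
    return "deny", "implicit deny ip any any"

if __name__ == "__main__":
    aces = parse_acl(WEBVPN_ACL)
    for pkt in parse_debug(DEBUG):
        print(pkt["src"], "->", pkt["dst"], "tcp/%d:" % pkt["dport"], evaluate(aces, pkt))
        print("same flow on tcp/22:", evaluate(aces, dict(pkt, dport=22)))
    # Hypothetical entry (assumption, not from the post) under which the debugged flow would match.
    extra = parse_acl(" permit tcp 172.16.100.0 0.0.0.255 host 172.16.100.8 eq 2001")
    print("with an eq 2001 entry:", evaluate(aces + extra, parse_debug(DEBUG)[0]))
```

Run it as a script to print the verdict for each packet in the debug. On the router, show ip access-list webvpn-acl shows a match counter per entry; a flow that only ever reaches the implicit deny increments none of them, which is the offline result this evaluator reproduces for the port 2001 SYN.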

1 Reply

umairali.khan
Level 1

Are you getting hits on your webvpn-acl when you try to send traffic through the tunnel?

Can you post the output of show ip access-list?