SSL VPN Portal not working

gtreichler · ‎02-17-2010

I'm trying to setup the SSL VPN portal:

When I connect via HTTPS to the ASA5520 outside interface I get the login prompt and after sucessfly login it takes me directly to the Anyconnect client download (starts Anyconnect immediately) even though in the group policy is configured to not prompt the use to chose the post login and the post login is ste to go to Clientless SSL VPN Portal?

sjbdallas · ‎04-14-2011

Did you ever figure this out? I'm having that problem now.

sabafonsec · ‎10-09-2012

I am having also the same issue, is there a solution for this?

Javier Portuguez · ‎10-09-2012

Hi there,

Is the AnyConnect essentials enabled? (show version + show run webvpn)

Is the clientless protocol allowed in the group-policy?

Is the session being landed on the correct connection profile?

Thanks.

Portu.

Please rate any helpful posts.

sabafonsec · ‎10-09-2012

Hi Javier,

Answers to your questions:

Anyconnect is essential is enabled.

The clientless protocol is enabled in the group policy

There is only one connection profile for ssl VPN users.

below are parts of the current configuration.

======

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 250
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 100
Total VPN Peers                : 5000
Shared License                 : Disabled
AnyConnect for Mobile          : Enabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

=================
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
svc enable
tunnel-group-list enable

========

FW# sh run tunnel-group XXXX-SSL-Tunnel
tunnel-group XXXX-SSL-Tunnel type remote-access
tunnel-group XXXX-SSL-Tunnel general-attributes
accounting-server-group TACACS+
default-group-policy YYYY-SSL
tunnel-group XXXX-SSL-Tunnel webvpn-attributes
customization zzzz-Page-Appearance
group-alias xxxxssl enable

FW# sh run group-policy YYYY-SSL
group-policy YYYY-SSL internal
group-policy YYYY-SSL attributes
dns-server value 10.10.10.51 10.10.10.53
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AnyConn-SpiltTunnel
address-pools value AnyCon_pool
webvpn
url-list value MMMM-Book-Mark
filter value YYYY-SSL-ACL
svc keep-installer installed
svc ask none default webvpn
customization value Page-Appearance
hidden-shares none
file-entry enable
file-browsing enable
url-entry enable

===================================

Thanks

Javier Portuguez · ‎10-10-2012

Hi,

Since AnyConnect Essentials is enabled under the webvpn settings, the ASA will not let you access the full WebPortal.

You will need to disabled AnyConnect Essentials in order to have full access.

Let me know.

Thanks.

Portu.

Please rate any helpful posts.

Message was edited by: Javier Portuguez

sabafonsec · ‎10-10-2012

the issue is solved

Thanks alot Javier, clientless now is working normally.

Javier Portuguez · ‎10-10-2012

Great news

Please mark this post as answered please.

Have a good one.

Take care.