02-17-2010 05:39 AM
I'm trying to setup the SSL VPN portal:
When I connect via HTTPS to the ASA5520 outside interface I get the login prompt and after sucessfly login it takes me directly to the Anyconnect client download (starts Anyconnect immediately) even though in the group policy is configured to not prompt the use to chose the post login and the post login is ste to go to Clientless SSL VPN Portal?
04-14-2011 04:59 AM
Did you ever figure this out? I'm having that problem now.
10-09-2012 09:19 AM
I am having also the same issue, is there a solution for this?
10-09-2012 12:20 PM
Hi there,
Is the AnyConnect essentials enabled? (show version + show run webvpn)
Is the clientless protocol allowed in the group-policy?
Is the session being landed on the correct connection profile?
Thanks.
Portu.
Please rate any helpful posts.
10-09-2012 10:37 PM
Hi Javier,
Answers to your questions:
Anyconnect is essential is enabled.
The clientless protocol is enabled in the group policy
There is only one connection profile for ssl VPN users.
below are parts of the current configuration.
======
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 250
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 100
Total VPN Peers : 5000
Shared License : Disabled
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
=================
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
svc enable
tunnel-group-list enable
========
FW# sh run tunnel-group XXXX-SSL-Tunnel
tunnel-group XXXX-SSL-Tunnel type remote-access
tunnel-group XXXX-SSL-Tunnel general-attributes
accounting-server-group TACACS+
default-group-policy YYYY-SSL
tunnel-group XXXX-SSL-Tunnel webvpn-attributes
customization zzzz-Page-Appearance
group-alias xxxxssl enable
FW# sh run group-policy YYYY-SSL
group-policy YYYY-SSL internal
group-policy YYYY-SSL attributes
dns-server value 10.10.10.51 10.10.10.53
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AnyConn-SpiltTunnel
address-pools value AnyCon_pool
webvpn
url-list value MMMM-Book-Mark
filter value YYYY-SSL-ACL
svc keep-installer installed
svc ask none default webvpn
customization value Page-Appearance
hidden-shares none
file-entry enable
file-browsing enable
url-entry enable
===================================
Thanks
10-10-2012 05:19 AM
Hi,
Since AnyConnect Essentials is enabled under the webvpn settings, the ASA will not let you access the full WebPortal.
You will need to disabled AnyConnect Essentials in order to have full access.
Let me know.
Thanks.
Portu.
Please rate any helpful posts.
Message was edited by: Javier Portuguez
10-10-2012 05:34 AM
the issue is solved
Thanks alot Javier, clientless now is working normally.
10-10-2012 10:09 AM
Great news
Please mark this post as answered please.
Have a good one.
Take care.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide