Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
866
Views
0
Helpful
0
Replies

SSL VPN Problem - ACL Parse Error

Soeren Rosiak
Level 1
Level 1

‎03-20-2014 09:54 AM

Hi there.

Testing some features in Cisco ASA SSL VPN(Clientless).

 

But when i connect to the portal, trying to login i get the following error, anybody seen this before?

It works if i ADD a ACL to the DAP, but dosn't if there is only a WEBACL applied??

It also works if i remove my "check" in "ssl-client" box in the global_policy  (Group Policy).

 

6|Mar 20 2014|16:45:09|716002|||||Group <global_policy> User <xx@example.com> IP <X.X.X.X> WebVPN session terminated: ACL Parse Error.
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Delete WebVPN Session message user xx@example.com, IP X.X.X.X to standby unit
4|Mar 20 2014|16:45:09|716046|||||Group <global_policy> User <xx@example.com> IP <X.X.X.X> User ACL <testcustomer_attribute> from AAA dosn't exist on the device, terminating connection.
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL List message rule DAP-web-user-E4EAC90F, line 1 to standby unit
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL Info message DAP-web-user-E4EAC90F to standby unit
6|Mar 20 2014|16:45:09|734001|||||DAP: User xx@example.com, Addr X.X.X.X, Connection Clientless: The following DAP records were selected for this connection: testcustomer_common_dap
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.tunnelgroup = common_tunnelgroup
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username2 =
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username1 = xx@example.com
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username = xx@example.com
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.grouppolicy = global_policy
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.radius["11"]["1"] = testcustomer_attribute
6|Mar 20 2014|16:45:09|113008|||||AAA transaction status ACCEPT : user = xx@example.com
6|Mar 20 2014|16:45:09|113009|||||AAA retrieved default group policy (global_policy) for user = xx@example.com
6|Mar 20 2014|16:45:09|113004|||||AAA user authentication Successful : server =  X.X.X.X : user = xx@example.com

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents