Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
433
Views
5
Helpful
2
Replies

SSL-VPN with AnyConnect to Cisco IOS 17.6.4

hannes1967
Level 1
Level 1

‎11-03-2022 08:30 AM

I start AnyConnect default configuration and can enter username and password.

Authentication works, but not authorized to open full tunnel.

Please check debug messages below.

Now I try SSL-VPN with anyconnect to Cisco 1111!

Getting following debug messages:

077275: Nov 3 09:51:14.694 MESZ: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: hannes2] [Source: 213.142.97.2] [localport: 55443] at 09:51:14 MESZ Thu Nov 3 2022
C1111#
077276: Nov 3 09:51:15.214 MESZ:
077277: Nov 3 09:51:15.214 MESZ:
077278: Nov 3 09:51:15.214 MESZ: [CRYPTO-SSL-TUNL-EVT]:[FFFF4AFB0800] CSTP Version recd , using 1
077279: Nov 3 09:51:15.214 MESZ: [CRYPTO-SSL-TUNL-ERR]:[FFFF4AFB0800] Full Tunnel CONNECT request failed, Sending error
077280: Nov 3 09:51:15.214 MESZ: HTTP/1.1 401 Unauthorized
077281: Nov 3 09:51:15.215 MESZ:
077282: Nov 3 09:51:15.216 MESZ:
077283: Nov 3 09:51:15.216 MESZ:
077284: Nov 3 09:51:15.216 MESZ: [CRYPTO-SSL-TUNL-ERR]:[FFFF4AFB0800] User hannes2 not authorized to access Full tunnel

SSL Profile:

C1111#sh cry ssl prof

SSL Profile: SSL_PROFILE
Status: ACTIVE
Match Criteria:
URL: none
Policy: SSL_POLICY
AAA accounting List : local
AAA Authentication List : ANYCONNECT-USERS
AAA Authorization User List : ANYCONNECT-USERS
User : hannes2
Cached : True
AAA Authorization Group List : ANYCONNECT-USERS
Group List: hannes2
Override: True
Authentication Mode : user credentials
Interface : SSLVPN-VIF0
Status: DISABLE
Max Users : 10000

 

Hope that information is enough!

cheers, Hannes

 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎11-03-2022 10:00 AM

Can you post the configuration from router to look :

or refer reference document :

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

hannes1967
Level 1
Level 1
In response to balaji.bandi

‎11-05-2022 09:43 AM

Thanks!

The document describes the way with webvpn!

I use „crypto ssl“ commands.

I will provide the config etc. tomorrow!

cheers, Hannes

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents