cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
170
Views
5
Helpful
2
Replies

SSL-VPN with AnyConnect to Cisco IOS 17.6.4

hannes1967
Beginner
Beginner

I start AnyConnect default configuration and can enter username and password.

Authentication works, but not authorized to open full tunnel.

Please check debug messages below.

Now I try SSL-VPN with anyconnect to Cisco 1111!

Getting following debug messages:

077275: Nov 3 09:51:14.694 MESZ: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: hannes2] [Source: 213.142.97.2] [localport: 55443] at 09:51:14 MESZ Thu Nov 3 2022
C1111#
077276: Nov 3 09:51:15.214 MESZ:
077277: Nov 3 09:51:15.214 MESZ:
077278: Nov 3 09:51:15.214 MESZ: [CRYPTO-SSL-TUNL-EVT]:[FFFF4AFB0800] CSTP Version recd , using 1
077279: Nov 3 09:51:15.214 MESZ: [CRYPTO-SSL-TUNL-ERR]:[FFFF4AFB0800] Full Tunnel CONNECT request failed, Sending error
077280: Nov 3 09:51:15.214 MESZ: HTTP/1.1 401 Unauthorized
077281: Nov 3 09:51:15.215 MESZ:
077282: Nov 3 09:51:15.216 MESZ:
077283: Nov 3 09:51:15.216 MESZ:
077284: Nov 3 09:51:15.216 MESZ: [CRYPTO-SSL-TUNL-ERR]:[FFFF4AFB0800] User hannes2 not authorized to access Full tunnel

SSL Profile:

C1111#sh cry ssl prof

SSL Profile: SSL_PROFILE
Status: ACTIVE
Match Criteria:
URL: none
Policy: SSL_POLICY
AAA accounting List : local
AAA Authentication List : ANYCONNECT-USERS
AAA Authorization User List : ANYCONNECT-USERS
User : hannes2
Cached : True
AAA Authorization Group List : ANYCONNECT-USERS
Group List: hannes2
Override: True
Authentication Mode : user credentials
Interface : SSLVPN-VIF0
Status: DISABLE
Max Users : 10000

 

Hope that information is enough!

cheers, Hannes

 

2 Replies 2

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Can you post the configuration from router to look :

or refer reference document :

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200533-AnyConnect-Configure-Basic-SSLVPN-for-I.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks!

The document describes the way with webvpn!

I use „crypto ssl“ commands.

I will provide the config etc. tomorrow!

cheers, Hannes

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers