Unable to configure Anyconnect in ASA 5520

david.fernandez.fernandez · ‎02-18-2013

Hi everyone,

We have an ASA 5520 with two VPN profiles working fine.

Since some users are now working with Windows 8, VPN clients for Cisco ASA is not able to connect.

I have read there are problems for such VPN Clients in that OS, and I should use now Anyconnect for them to connect. I thought we had anyconnect working also, because some users can connect to a web page they can do some kind of connections to internal servers, (web, telnet, rdp, etc) so I installed cisco anyconnect VPN client in a laptop and try to connect (same IP and port I used for that web page) but after signing I get the message AnyConnect is not enabled on the VPN Server.

So I tried to follow a configuration guide for Anyconnect, but there's a step in which I am trapped, these are the steps:

Click Configuration, and then click Remote Access VPN.

Expand Network (Client) Access, and then expand Advanced.

Expand SSL VPN, and choose Client Setting

There is no client setting in my ASA GUI in that part

Does anyone know why?

Is there anything missed in my ASA?

Thank you very much for your answers.

Best Regards.

David.

Douglas Holmes · ‎02-18-2013

Do you mean that you are unable to check the "Enable AnyConnect Essentials" box in the upper corner of the screen or it doesn't exist?

david.fernandez.fernandez · ‎02-18-2013

Hello,

Thank you for your answer,

I don't mean exactly taht, I mean whenever I go to Configuration, Remote Access VPN,Network (client) Access, Advance, SSL VPN, I should (as said in the configuration document for Anyconnect) be able to choose Client Setting, but the only thing I see in there is Bypass Interface Access List. There is nothing about client settings there. Nothing of that exist in my configuration.

Thank you

malshbou · ‎02-18-2013

please share with us the following:

-ASA software version

- ASDM version

- Anyconnect version

-----

Mashal

------------------ Mashal Shboul

david.fernandez.fernandez · ‎02-19-2013

the ASA software version is 8.3(1)

the ASDM version is 6.3(1)

Anyconnect package version is anyconnect-win-2.0.0343-k9.pkg

thank you

Andrew Phirsov · ‎02-19-2013

Just go to the CLI, unter webvpn config mode write anyconnect enable. Plus, under group policy attributes configuration, for the group policy you're using for anyconnect, add vpn-tunnel-protocol ssl-client

david.fernandez.fernandez · ‎02-19-2013

Hi

I tried so, but I received the message "invalid input detected .." when I tried to put anyconnect enable.

I tried anyconnect and a tab key to see options and got "Command requires Anyconnect Essentials license" Does this mean I need to adquire an additional license?

The actual first configuration lines for the webvpn part is:

"webvpn

port 13933

enable outside

enable DMZ-inside

enable PCs

dtls port 13933

svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1

svc enable"

I tried also the second command vpn-tunnel-protocol ssl-client but I was giving the same message invalid input, pointing ssl-client.

Thank you.

david.fernandez.fernandez · ‎02-28-2013

Hi,

I have just load anyconnect-win-2.5.2019-k9.pkg package, and I have the same.

I cannot send "anyconnect enable" command.

Do I need to restart ASA?

thank you very much.

best regards.