
VPN connection setup issue - ASA5505 + webVPN

Kyle_McIver
Level 1

Hello,

I have an ASA5505 device that I am trying to configure to allow remote access to my users.

This is a brief overview of what I have going on. Please let me know what/where you need more information from me.

-dsl modem in bridge mode.
-ASA receiving outside IP from the ISP, and doing the NAT.

as a result everything/everyone inside has internet access.

-DMZ subnet disabled.
-SSL & IPSec rules configured in the ASA

To test this connection I have a win vista and a win7 laptop with a sprint broadband card for outside access, if it should matter.

The Cisco VPN client 4.8 doesn't get along with these OS, it seems.
Anyconnect 2.4 installs and runs fine.
I am able to access the webVPN portal from anywhere across the internet.

I have a local test user setup in the ASA. When monitoring the real time log, as I try to log in with that user the ASA accepts the credentials, starts the connection then immediately drops it. Log of this activity is below.

I'm sure this is obvious to those familiar, but here it is anyway:
184.x.6.x = client IP
99.x.70.x = ASA outside IP

6|Jan 18 2011|10:57:50|725007|184.x.6.x||SSL session with client The.Cloud:184.x.6.x/50309 terminated.
6|Jan  18 2011|10:57:49|302014|184.x.6.x|99.x.70.x|Teardown TCP connection  1397779 for The.Cloud:184.x.6.x/50309 to NP Identity Ifc:99.x.70.x/443  duration 0:00:01 bytes 6144 TCP Reset-O
6|Jan 18 2011|10:57:48|113008|||AAA transaction status ACCEPT : user = test
6|Jan 18 2011|10:57:48|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = test
6|Jan 18 2011|10:57:48|113011|||AAA retrieved user specific group policy (MicroWorks.Remote.Users) for user = test
6|Jan 18 2011|10:57:48|113003|||AAA group policy for user test is being set to MicroWorks.Remote.Users
6|Jan 18 2011|10:57:48|113012|||AAA user authentication Successful : local database : user = test
6|Jan 18 2011|10:57:48|725002|184.x.6.x||Device completed SSL handshake with client The.Cloud:184.x.6.x/50309
6|Jan 18 2011|10:57:48|725001|184.x.6.x||Starting SSL handshake with client The.Cloud:184.x.6.x/50309 for TLSv1 session.
6|Jan  18 2011|10:57:48|302013|184.x.6.x|99.x.70.x|Built inbound TCP  connection 1397779 for The.Cloud:184.x.6.x/50309 (184.x.6.x/50309) to NP  Identity Ifc:99.x.70.x/443 (99.x.70.x/443)
6|Jan 18 2011|10:57:48|725001|184.x.6.x||Starting SSL handshake with client The.Cloud:184.x.6.x/50308 for TLSv1 session.
6|Jan  18 2011|10:57:48|302013|184.x.6.x|99.x.70.x|Built inbound TCP  connection 1397778 for The.Cloud:184.x.6.x/50308 (184.x.6.x/50308) to NP  Identity Ifc:99.x.70.x/443 (99.x.70.x/443)


I see that reset-O, is that the "connection was reset from the outside"? Does that refer to the 'outside' interface on the ASA or the outside client? Or am I missing the mark completely here?

Any suggestions out there?

1 Reply

Hi,

TCP Reset-O means that the session was terminated on the outside (probably by the client, or something on the path).

You could probably get more information as to why it is failing by gathering the output of debug vpn-sessiondb 127 when connecting via VPN.

Federico.
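An added example, not part of either post: a small Python parser for the pipe-delimited real-time log layout shown in the question, flagging TCP connections that are torn down within seconds of a completed SSL handshake and an AAA ACCEPT, together with the teardown reason. The sample lines are constructed (documentation-range addresses, interface name `outside`), and the function names and the 5-second threshold are assumptions.

```python
import re

# Constructed sample in the log layout shown in the post (newest line first):
# severity|date|time|message-id|src|dst|text
SAMPLE = """\
6|Jan 18 2011|10:57:50|725007|198.51.100.7||SSL session with client outside:198.51.100.7/50309 terminated.
6|Jan 18 2011|10:57:49|302014|198.51.100.7|203.0.113.1|Teardown TCP connection 1397779 for outside:198.51.100.7/50309 to NP Identity Ifc:203.0.113.1/443 duration 0:00:01 bytes 6144 TCP Reset-O
6|Jan 18 2011|10:57:48|113008|||AAA transaction status ACCEPT : user = test
6|Jan 18 2011|10:57:48|725002|198.51.100.7||Device completed SSL handshake with client outside:198.51.100.7/50309
6|Jan 18 2011|10:57:48|302013|198.51.100.7|203.0.113.1|Built inbound TCP connection 1397779 for outside:198.51.100.7/50309 (198.51.100.7/50309) to NP Identity Ifc:203.0.113.1/443 (203.0.113.1/443)
"""

TEARDOWN = re.compile(
    r"Teardown TCP connection (\d+) for \S+?:(\S+)/(\d+) to .*?"
    r"duration (\d+):(\d+):(\d+) bytes (\d+) (.+)$")
HANDSHAKE = re.compile(r"completed SSL handshake with client \S+?:(\S+)/(\d+)")
AAA_OK = re.compile(r"AAA transaction status ACCEPT : user = (\S+)")

def parse(log_text):
    """Return events oldest first; the log in the post lists newest first."""
    events = []
    for line in log_text.splitlines():
        parts = line.split("|", 6)
        if len(parts) == 7:  # collapse doubled spaces left by copy/paste
            events.append({"id": parts[3], "text": " ".join(parts[6].split())})
    return events[::-1]

def short_lived_after_auth(log_text, max_seconds=5):
    """Flag teardowns that follow a completed SSL handshake and an AAA
    ACCEPT but last at most max_seconds (the pattern in the post)."""
    handshakes, users, findings = set(), [], []
    for ev in parse(log_text):
        if ev["id"] == "725002" and (m := HANDSHAKE.search(ev["text"])):
            handshakes.add((m.group(1), m.group(2)))
        elif ev["id"] == "113008" and (m := AAA_OK.search(ev["text"])):
            users.append(m.group(1))  # AAA lines carry no client address: matched by order only
        elif ev["id"] == "302014" and (m := TEARDOWN.search(ev["text"])):
            conn, ip, port, h, mi, s, nbytes, reason = m.groups()
            secs = int(h) * 3600 + int(mi) * 60 + int(s)
            if (ip, port) in handshakes and users and secs <= max_seconds:
                findings.append({"conn": conn, "client": f"{ip}:{port}",
                                 "user": users[-1], "seconds": secs,
                                 "bytes": int(nbytes), "reason": reason})
    return findings
```

Each finding gives the connection id to look for in the debug output suggested in the reply.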