I'm trying to get the phone VPN function working from a Cisco 7965 phone.
I can connect fine to the SSL VPN via a normal PC.
When I try from a phone, it tries to connect and returns with:
"VPN Authentication Failed"
yet, when I look on the ASA with "sh vpn-sessiondb anyconnect" I can see the phone has connected fine:
Username : fred Index : 17
Public IP : x.x.x.x
Protocol : AnyConnect-Parent
License : AnyConnect Premium, AnyConnect for Cisco VPN Phone
Encryption : AES128 Hashing : SHA1
Bytes Tx : 2417 Bytes Rx : 676
Group Policy : SSLClientPolicy Tunnel Group : SSLClientProfile
Login Time : 15:05:53 GMT/BDT Fri Aug 19 2011
Duration : 0h:00m:38s
Inactivity : 0h:00m:08s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Doing a "debug webvpn anyconnect 255", at the end shows:
CSTP state = CONNECTED
Any suggestions ?
What you are facing is really weired. Please go through the following doc and see if your phone is configured properly:-
Please keep us posted.
I found the problem: DTLS wasn't setup & working.
The "VPN Authentication Failed" message on the phone was a red-herring. (Gotta love useful error messages...)