08-19-2011 07:13 AM
I'm trying to get the phone VPN function working from a Cisco 7965 phone.
I can connect fine to the SSL VPN via a normal PC.
When I try from a phone, it tries to connect and returns with:
"VPN Authentication Failed"
yet, when I look on the ASA with "sh vpn-sessiondb anyconnect" I can see the phone has connected fine:
Username : fred Index : 17
Public IP : x.x.x.x
Protocol : AnyConnect-Parent
License : AnyConnect Premium, AnyConnect for Cisco VPN Phone
Encryption : AES128 Hashing : SHA1
Bytes Tx : 2417 Bytes Rx : 676
Group Policy : SSLClientPolicy Tunnel Group : SSLClientProfile
Login Time : 15:05:53 GMT/BDT Fri Aug 19 2011
Duration : 0h:00m:38s
Inactivity : 0h:00m:08s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Doing a "debug webvpn anyconnect 255", at the end shows:
CSTP state = CONNECTED
Any suggestions ?
Thanks,
GTG
08-30-2011 01:25 AM
Hi GTG,
What you are facing is really weired. Please go through the following doc and see if your phone is configured properly:-
https://supportforums.cisco.com/docs/DOC-9124
Please keep us posted.
Regards,
Sian
08-30-2011 01:42 AM
I found the problem: DTLS wasn't setup & working.
The "VPN Authentication Failed" message on the phone was a red-herring. (Gotta love useful error messages...)
GTG
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: