Showing results for 
Search instead for 
Did you mean: 

WEBVPN :: "ERROR: Failed to enable WebVPN"

Hello everybody.

I have a problem enabling "wbvpn" on any interface. Every time the ASA show me the following log:

ASA(config-webvpn)# enable outside

Could not start webvpn

ERROR: Failed to enable WebVPN.


I have a ASA5510 V. 8.0(3)6 with WebVPN License.

If somebody knows anything about this problem, i will really appreciate for your comments.

Thanks in advance.

----------------- ASA WEB VPN Config ----

hostname ASA


enable password *** encrypted


name VPN-3 description VPN-3 Externo


interface Ethernet0/0

nameif outside

security-level 0

ip address

ospf cost 10


interface Ethernet0/1

speed 100

duplex full

nameif inside

security-level 100

ip address

ospf cost 10


interface Ethernet0/2

speed 100

duplex full

nameif DMZ

security-level 50

ip address

ospf cost 10


tcp-map alltcp


tcp-map msstcpmap

exceed-mss allow

queue-limit 250

mtu outside 1500

mtu inside 1600

mtu DMZ 1600

mtu management 1500

ip local pool Pool-VPN-3 mask

icmp unreachable rate-limit 1 burst-size 1

icmp permit outside

icmp permit inside

icmp permit inside

asdm image disk0:/asdm-603.bin

no asdm history enable

arp timeout 14400

timeout xlate 5:01:00

timeout conn 15:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 2:00:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:30:00 uauth 5:00:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication enable console LOCAL

http server enable 7443

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 86400

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400


group-policy SSL-SAPOLIO internal

group-policy SSL-SAPOLIO attributes

vpn-tunnel-protocol SSL-SAPOLIO


url-list none

group-policy Remote-VPN internal

group-policy Remote-VPN attributes

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value VPN-3-ACL

default-domain value

username jlvelasquez password **** encrypted

username jlvelasquez attributes

vpn-group-policy SSL-SAPOLIO

service-type remote-access

username jpozo password **** encrypted

username jpozo attributes

vpn-group-policy Remote-VPN

service-type remote-access

tunnel-group Remote-VPN type remote-access

tunnel-group Remote-VPN general-attributes

address-pool Pool-VPN-3

default-group-policy Remote-VPN

tunnel-group Remote-VPN ipsec-attributes

pre-shared-key *

tunnel-group SSL-SAPOLIO type remote-access

tunnel-group SSL-SAPOLIO general-attributes

default-group-policy SSL-SAPOLIO


policy-map IPS_policy_OUT

class ips_class_map_OUT

ips inline fail-open

policy-map global_policy

class mssclassmap

set connection advanced-options msstcpmap

policy-map IPS_policy_DMZ

class ips_class_map_DMZ

ips inline fail-open


service-policy IPS_policy_OUT interface outside

service-policy IPS_policy_DMZ interface DMZ


Ivan Martinon
Rising star

Can you post here your "show run all http"

Hi, this is the output:

ASA# show run all http

http server enable 7443

http outside

http management

http inside

http DMZ

José Luis

Thanks, http is enabled, can you get the "show run all webvpn"

Hi, this is the output:

ASA# show run all webvpn


memory-size percent 50

port 443

dtls port 443

character-encoding none

no http-proxy

no https-proxy

default-idle-timeout 1800

no csd enable

no svc enable

no tunnel-group-list enable

rewrite order 65535 enable resource-mask *

no internal-password

no onscreen-keyboard

no default-language

no keepout


no disable

max-object-size 1000

min-object-size 0

no cache-static-content enable

lmfactor 20

expiry-time 1

no auto-signon

no error-recovery disable

: # show import webvpn customization

: Template

: DfltCustomization

: # show import webvpn url-list

: Template

: No bookmarks are currently defined

: # show import webvpn translation-table

: Translation Tables' Templates:

: PortForwarder

: banners

: customization

: plugin-rdp

: plugin-ssh,telnet

: plugin-vnc

: url-list

: webvpn

: Translation Tables:

: fr PortForwarder

: fr csd

: fr customization

: fr plugin-rdp

: fr plugin-ssh,telnet

: fr plugin-vnc

: fr webvpn

: ja PortForwarder

: ja csd

: ja customization

: ja plugin-rdp

: ja plugin-ssh,telnet

: ja plugin-vnc

: ja webvpn

: ru PortForwarder

: ru customization

: ru webvpn

: # show import webvpn mst-translation

: No MS translation tables defined

: # show import webvpn webcontent

: No custom webcontent is loaded

: # show import webvpn AnyConnect-customization

: No OEM resources defined

: # show import webvpn plug-in

: rdp

: ssh,telnet

: vnc


Cisco Employee

You might be hitting a bug. Can you post the output of "show memory detail"?


Hello, i attached the output of "show memory detail"


Ok, so there's enough memory. It could be something else. It would be best to go to a later 8.0(3) release or the latest 8.0(4) interim, as initial 8.0(3) had quite a few memory / webvpn bugs.

How much memory is required to enable HTTP or webvpn


Something rare happen with this ASA. Now i did the same command and it works!!, this is the output:

ASA(config-webvpn)# enable outside

INFO: WebVPN and DTLS are enabled on 'outside'.


May be it is a memory bug.

Thanks to all

José Luis

Recognize Your Peers
Content for Community-Ad