02-25-2009 08:20 AM
Hello everybody.
I have a problem enabling "webvpn" on any interface. Every time, the ASA shows me the following log:
ASA(config-webvpn)# enable outside
Could not start webvpn
ERROR: Failed to enable WebVPN.
ASA(config-webvpn)#
I have an ASA5510 V. 8.0(3)6 with WebVPN License.
If somebody knows anything about this problem, I would really appreciate your comments.
Thanks in advance.
----------------- ASA WEB VPN Config ----
hostname ASA
domain-name mydomain.com
enable password *** encrypted
name
name 192.168.110.0 VPN-3 description VPN-3 Externo
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 1.1.1.114 255.255.255.248
ospf cost 10
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.249 255.255.255.0
ospf cost 10
!
interface Ethernet0/2
speed 100
duplex full
nameif DMZ
security-level 50
ip address 192.168.10.249 255.255.255.0
ospf cost 10
!
tcp-map alltcp
!
tcp-map msstcpmap
exceed-mss allow
queue-limit 250
mtu outside 1500
mtu inside 1600
mtu DMZ 1600
mtu management 1500
ip local pool Pool-VPN-3 192.168.110.1-192.168.110.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit 1.1.1.112 255.255.255.248 outside
icmp permit 192.168.1.0 255.255.255.0 inside
icmp permit 192.168.20.0 255.255.255.0 inside
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
timeout xlate 5:01:00
timeout conn 15:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 2:00:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:30:00 uauth 5:00:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
http server enable 7443
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 86400
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
webvpn
group-policy SSL-SAPOLIO internal
group-policy SSL-SAPOLIO attributes
vpn-tunnel-protocol SSL-SAPOLIO
SSL-SAPOLIO
url-list none
group-policy Remote-VPN internal
group-policy Remote-VPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-3-ACL
default-domain value mydomain.com
username jlvelasquez password **** encrypted
username jlvelasquez attributes
vpn-group-policy SSL-SAPOLIO
service-type remote-access
username jpozo password **** encrypted
username jpozo attributes
vpn-group-policy Remote-VPN
service-type remote-access
tunnel-group Remote-VPN type remote-access
tunnel-group Remote-VPN general-attributes
address-pool Pool-VPN-3
default-group-policy Remote-VPN
tunnel-group Remote-VPN ipsec-attributes
pre-shared-key *
tunnel-group SSL-SAPOLIO type remote-access
tunnel-group SSL-SAPOLIO general-attributes
default-group-policy SSL-SAPOLIO
!
policy-map IPS_policy_OUT
class ips_class_map_OUT
ips inline fail-open
policy-map global_policy
class mssclassmap
set connection advanced-options msstcpmap
policy-map IPS_policy_DMZ
class ips_class_map_DMZ
ips inline fail-open
!
service-policy IPS_policy_OUT interface outside
service-policy IPS_policy_DMZ interface DMZ
----------------
02-26-2009 08:48 AM
Can you post here your "show run all http"?
02-26-2009 10:25 AM
Hi, this is the output:
ASA# show run all http
http server enable 7443
http 200.41.97.226 255.255.255.255 outside
http 10.1.9.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 DMZ
José Luis
02-26-2009 10:37 AM
Thanks, http is enabled. Can you get the "show run all webvpn"?
02-26-2009 02:39 PM
Hi, this is the output:
ASA# show run all webvpn
webvpn
memory-size percent 50
port 443
dtls port 443
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
no csd enable
no svc enable
no tunnel-group-list enable
rewrite order 65535 enable resource-mask *
no internal-password
no onscreen-keyboard
no default-language
no keepout
cache
no disable
max-object-size 1000
min-object-size 0
no cache-static-content enable
lmfactor 20
expiry-time 1
no auto-signon
no error-recovery disable
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: No bookmarks are currently defined
: # show import webvpn translation-table
: Translation Tables' Templates:
: PortForwarder
: banners
: customization
: plugin-rdp
: plugin-ssh,telnet
: plugin-vnc
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr csd
: fr customization
: fr plugin-rdp
: fr plugin-ssh,telnet
: fr plugin-vnc
: fr webvpn
: ja PortForwarder
: ja csd
: ja customization
: ja plugin-rdp
: ja plugin-ssh,telnet
: ja plugin-vnc
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
: rdp
: ssh,telnet
: vnc
ASA#
02-26-2009 12:27 PM
You might be hitting a bug. Can you post the output of "show memory detail"?
Thanks.
02-26-2009 02:43 PM
02-27-2009 05:29 AM
Ok, so there's enough memory. It could be something else. It would be best to go to a later 8.0(3) release or the latest 8.0(4) interim, as initial 8.0(3) had quite a few memory / webvpn bugs.
04-16-2018 01:36 AM
How much memory is required to enable HTTP or webvpn?
02-27-2009 11:24 AM
Something rare happened with this ASA. Now I did the same command and it works!! This is the output:
ASA(config-webvpn)# enable outside
INFO: WebVPN and DTLS are enabled on 'outside'.
ASA(config-webvpn)#
Maybe it is a memory bug.
Thanks to all
José Luis