webvpn svc fails if launched locally rather than the web page

allenelson · ‎04-19-2010

Not sure if anyone else has ever run into something like this. I've been testing the below scenarios and am getting the same results.

-If users connect to the ASA via the web page, they can login and successfully connect to the vpn.

-If they launch the client locally, the certificate pops up but then fails the connection saying unable to process a response.

WebVPN is currently using port 8080. Thinking this might be causing a problem, I changed it back to 443 with the same results.

Jennifer Halim · ‎04-20-2010

When you launch the AnyConnect client locally, do you type in :8080 on the "Connect to" text box?

What version of ASA and what version of AnyConnect are you using?

allenelson · ‎04-20-2010

Yes, I am typing ip address:8080 in the Anyconnect client and have verified the correct certificate is showing up. The ASA is at 7.24 and the Anycon

nect client is 2.4.1012. I'm searching for bugs related to the 7.x code but am not having luck finding any.

What i don't understand is that regardless of the connection method, locally or from the web browser, in the end it is the same Anyconnect client establishing the connection.

Jennifer Halim · ‎04-20-2010

AnyConnect is not supported on ASA running version 7.2.4.

For your AnyConnect version (2.4), you need to be running at least ASA version 8.0.3.1. I would suggest that you upgrade to either version 8.0.5, or 8.2.x.

Here is the release notes for your reference:

http://www.cisco.com/en/US/partner/docs/security/vpn_client/anyconnect/anyconnect24/release/notes/anyconnect24rn.html#wp920992

allenelson · ‎04-20-2010

Many thanks, my morning was going to be spent going through the release notes.. I'll upgrade the software and give it a shot.