cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1693
Views
5
Helpful
6
Replies

Webvpn weird authentication issues

mlatham67
Level 1
Level 1

Hi All,

I have just configured webvpn on a pair of asa5510's, the webvpn is now issuing a pop-up when I log in either to a group that authenticates locally on the asa of to a group that authenticates to a Radius server.

the Pop-Up is a User Alert in the form

https://**.**.**.**/+CSCOE+/useralert.html

(the pop-up is the same no matter what group I authenticate into.)

here is the webvpn config, any pointers to remove this would be GREAT

ciscoasa# sh run | beg webvpn

webvpn

enable outside

svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec svc webvpn

group-policy Staff_Group_Policy internal

group-policy Staff_Group_Policy attributes

vpn-filter value STAFF_RULE

vpn-tunnel-protocol IPSec svc webvpn

vlan 10

address-pools value Staff_DHCP

webvpn

url-list value Staff

file-entry enable

file-browsing enable

group-policy Student_Group_Policy internal

group-policy Student_Group_Policy attributes

vpn-filter value STUDENT_RULES

vpn-tunnel-protocol IPSec svc webvpn

vlan 1

address-pools value Student_DHCP

webvpn

url-list value Students

file-entry enable

file-browsing enable

group-policy IT_Dept_Group_Policy internal

group-policy IT_Dept_Group_Policy attributes

vpn-tunnel-protocol IPSec svc webvpn

vlan none

address-pools value IT_Dept_DHCP

webvpn

hidden-shares none

username ******* password *******

tunnel-group IT_Dept type remote-access

tunnel-group IT_Dept general-attributes

default-group-policy IT_Dept_Group_Policy

tunnel-group IT_Dept webvpn-attributes

group-alias IT_Dept enable

tunnel-group IT_Dept ipsec-attributes

pre-shared-key *

tunnel-group Students type remote-access

tunnel-group Students general-attributes

authentication-server-group STUDENT_RADIUS

authentication-server-group (student) STUDENT_RADIUS

default-group-policy Student_Group_Policy

tunnel-group Students webvpn-attributes

group-alias Students enable

tunnel-group Students ipsec-attributes

pre-shared-key *

tunnel-group STAFF type remote-access

tunnel-group STAFF general-attributes

address-pool Staff_DHCP

authentication-server-group STAFF_RADUIS

authentication-server-group (Staff) STAFF_RADUIS

default-group-policy Staff_Group_Policy

tunnel-group STAFF webvpn-attributes

group-alias STAFF enable

6 Replies 6

owillins
Level 6
Level 6

Is user alert set in WebVPN mode?

ASA(config-webvpn)# no user-alert

ASA(config-webvpn)#

As for filtering Smart Tunnel traffic you will need to specify syntax as

such:

access-list temp webtype permit url smart-tunnel://x.x.x.x

sgaiotti
Level 1
Level 1

hello

i have this pop-up an a 5540 and on the pop-up, we can see the word 'oups'

have you got an idee

thanks

PS : I join the error message

the error message

Hi All

I Found that a reboot fixed my issue, but please make a note that a few weeks after we lost all access to cifs shares, the error was

Error Contacting Host

Please check bug CSCsl94183 and upgrade to asa803-12-k8.bin, this seems a lot more stable.

good luck.

schaef350
Level 1
Level 1

I found this thread while working on the same issue and figured I would update it to have accurate information:

I resolved this on our 9.1 ASA with something like this:

ciscoasa(config)# tunnel-group   general-attributes

ciscoasa(config-tunnel-general)# user-alert cancel

- Be sure to rate all helpful posts

- Be sure to rate all helpful posts

CSCth21493

DOC: Multiple errors in ASA Command Reference for 'user-alert'

Symptom:

There are multiple errors in the ASA Command Reference regarding the 'user-alert' command. The most important one is, that from ASA version 8.2 onwards, the "no user-alert" command does not exist anymore, but has been replaced by the "user-alert cancel" command.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin