anyconnect version 2.4 second host entry gets invalid host entry please re-enter

j-cutler
Level 1

Hi,

I have an ASA 5520, running 8.21, anyconnect 2.4. I have the profile on the ASA downloading with the client. I have a second ASA as a backup VPN server as well; they are configured as identically as possible.

If I connect on the first ASA using the hostname "vpn1.companyx.com", all works fine. When I go to connect to the second ASA using the hostname "vpn2.companyx.com" on the anyconnect client, I get the error message "invalid host entry". The xml profile tests as fine, the host entries are both resolvable in dns and the vpn2 system responds fine using IP address. It seems to be an anyconnect issue...

Thoughts?

Accepted Solutions

hdashnau
Cisco Employee

-Are you using a group-url on one ASA and not the other?

-Do you have "StandardUser" in your xml profile? If you create a new profile with a new name that does not have this setting, does it work?

-If you want to make it work with "StandardUser" in your xml profile, here's an example:



<HostEntry>
   <HostName>vpn.cisco.com</HostName>
   <HostAddress>vpn.cisco.com</HostAddress>
   <UserGroup>CSCVPNUsers</UserGroup>
</HostEntry>



The ASA will initiate a connection to:

https://vpn.cisco.com/CSCVPNUsers

In order for the ASA to send back the proper information, that group URL would have to exist under your tunnel-group/connection profile in the configuration:

tunnel-group CSCVPNUsers webvpn-attributes
group-url https://vpn.cisco.com/CSCVPNUsers enable


-heather

That did it.   The group url was tied to the vpn2 entry.

Thanks!
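
The check described in the accepted solution, written as an added example that is not part of the original thread and not Cisco's code: it reads each HostEntry from an AnyConnect profile, builds the URL the client will request when a UserGroup is set, and reports any such URL that has no enabled group-url in the configuration of the ASA it points to. The profile and configuration excerpts are constructed; the hostnames are the ones from the question, and the placement of the UserGroup on the vpn2 entry is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed profile: hostnames are the thread's, the UserGroup placement is assumed.
PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
 <ServerList>
  <HostEntry>
   <HostName>vpn1.companyx.com</HostName>
  </HostEntry>
  <HostEntry>
   <HostName>vpn2.companyx.com</HostName>
   <HostAddress>vpn2.companyx.com</HostAddress>
   <UserGroup>StandardUser</UserGroup>
  </HostEntry>
 </ServerList>
</AnyConnectProfile>"""

# Constructed config excerpts, keyed by the address the client connects to.
ASA_CONFIGS = {
    "vpn1.companyx.com": "tunnel-group StandardUser webvpn-attributes\n"
                         " group-url https://vpn1.companyx.com/StandardUser enable\n",
    "vpn2.companyx.com": "tunnel-group StandardUser webvpn-attributes\n",
}

GROUP_URL = re.compile(r"^\s*group-url\s+(\S+)\s+enable\s*$", re.MULTILINE)

def local(tag):
    """Drop the XML namespace prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def host_entries(profile_xml):
    """Return (address, UserGroup or '') for every HostEntry in the profile."""
    entries = []
    for el in ET.fromstring(profile_xml).iter():
        if local(el.tag) == "HostEntry":
            f = {local(c.tag): (c.text or "").strip() for c in el}
            # HostAddress is optional; fall back to HostName when it is absent.
            entries.append((f.get("HostAddress") or f.get("HostName", ""),
                            f.get("UserGroup", "")))
    return entries

def missing_group_urls(profile_xml, asa_configs):
    """List URLs the client will request that have no enabled group-url."""
    missing = []
    for addr, group in host_entries(profile_xml):
        url = f"https://{addr}/{group}"
        enabled = {u.rstrip("/") for u in GROUP_URL.findall(asa_configs.get(addr, ""))}
        if group and url not in enabled:  # entries without UserGroup need no group-url
            missing.append(url)
    return missing
```

Run against both ASAs' configurations after every profile change, so that a UserGroup added for one host entry is matched by a group-url on the ASA that entry points to.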