Cannot login with SSL VPN

Unanswered Question
Jul 19th, 2007

Hi,


I've set up SSL VPN with automatic download of the SSL VPN client to the user.

However, when logging in on the web interface I get the error:


"Unable to send authentication message"


Does anyone know what that means? BTW, I use the LOCAL group for auth, and I have created a user in there for authentication.


And last question: Is it possible to log on via VPN before Windows logon (like the IPSec client) and if so - how does it work? What do I need to do?


Thanks in advance,

Rasmus

blueoceanventure Fri, 07/20/2007 - 01:39

For info: I've now also tried with the AnyConnect client (we are running ASA ver. 8.0.2) and receive the exact same error, which doesn't appear in ANY Google results :(


Anyone?

ciscors Mon, 07/23/2007 - 08:54

Sorry for hijacking your thread, but is AnyConnect only supported on ASA 8? Not 7.x?


Thank you

BruceD.Brown Thu, 11/15/2007 - 15:21

Rasmus,


Did you determine what was causing this problem? I get the exact same error message you mention when trying to log in via SSL. I had the SSL connection working on my ASA earlier, and after playing some with the Cisco Secure Desktop I can't get it to authenticate me. I was hoping you had some insight into this that might get me going again.


Thanks,


Bruce

cratejockey Mon, 01/14/2008 - 12:25

Just figured I would chime in. I was using SSL VPN (clientless) fine until my upgrade to 8.0(3). I am currently opening a TAC case. I will let you know what I find out.


Josh

http://www.staticnat.com

cratejockey Wed, 01/16/2008 - 11:24

OK guys, so here is what I got from TAC. I have been using the "Group Lock" option on all of my users. Up until 8.0(3), SSL VPN ignored "Group Lock" and placed all users in the defaultWeb instance if they did not specify a group via the drop-down. So all I had to do to get my authentication working again was to enable the drop-down on the login portal for SSL VPN. I then created alias names for all of my tunnels that are allowed to SSL VPN so I wasn't exposing the real tunnel group name. This not only fixed my issue but helped me understand why I was having so much trouble with custom SSL VPN pages for users and groups. The authentication has no interaction with the tunnel group other than to validate that you are connected to the tunnel group you are locked to. If you aren't, as in the case with the default SSL instance when you don't specify in the drop-down, it just dumps the auth request.


Hope this helps some others out.



http://www.staticnat.com
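
The fix described in the post above, sketched as ASA configuration. This is an added example, not taken from the thread or from TAC; EXAMPLE-TG, Staff and exampleuser are placeholder names.

```cisco
! Constructed example: EXAMPLE-TG, Staff and exampleuser are placeholders.
!
! Tunnel group that SSL VPN users are allowed to connect through
tunnel-group EXAMPLE-TG type remote-access
tunnel-group EXAMPLE-TG webvpn-attributes
 ! Alias shown in the portal drop-down, so the real tunnel group name is not exposed
 group-alias Staff enable
!
! Show the group drop-down on the SSL VPN login page
webvpn
 tunnel-group-list enable
!
! User locked to one tunnel group: authentication only succeeds when the
! session arrives through that group (selected via its alias in the drop-down)
username exampleuser attributes
 group-lock value EXAMPLE-TG
```

`show running-config webvpn` and `show running-config tunnel-group` confirm that the drop-down and the alias are in place.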
