Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1524
Views
0
Helpful
5
Replies

Cannot login with SSL VPN

blueoceanventure
Level 1
Level 1

‎07-19-2007 03:49 AM - edited ‎02-21-2020 03:10 PM

Hi,

I've setup SSL VPN with automatic download of the SSL VPN client to the user.

However, when logging in on the web interface I get the error:

"Unable to send authentication message"

Does anyone know what that means? BTW, I use the LOCAL group for auth, and I have created a user in there for authentication.

And last question: Is it possible to log on via VPN before windows logon (like the IPSec client) and if so - how does it work? What do I need to do?

Thanks in advance,

Rasmus

Labels:
0 Helpful
5 Replies 5

blueoceanventure
Level 1
Level 1

‎07-20-2007 01:39 AM

For info: I've now also tried with the AnyConnect client (we are running ASA ver. 8.0.2) and receive the exact same error which don't appear on ANY google results :(

Anyone?

0 Helpful

ciscors
Level 1
Level 1
In response to blueoceanventure

‎07-23-2007 08:54 AM

Sorry for hijacking your thread but is Anyconnect only supported on ASA 8? Not 7.x?

Thank you

0 Helpful

BruceD.Brown
Level 1
Level 1

‎11-15-2007 03:21 PM

Rasmus,

Did you determine what was causing this problem? I get the exact same error message you mention when tryhing to login via SSL. I had the SSL connection working on my ASA earlier, and after playing some with the Cisco Secure Desktop I can't get it to authenticate me. I was hoping you had some insight into this that might get me going again.

Thanks,

Bruce

0 Helpful

cratejockey
Level 1
Level 1
In response to BruceD.Brown

‎01-14-2008 12:25 PM

Just figured I would chime in. I was using SSL VPN (clientless) fine until my upgrade to 8.0(3) I am currently opeing a TAC case. I will let you know what I find out.

Josh

http://www.staticnat.com

0 Helpful

cratejockey
Level 1
Level 1

‎01-16-2008 11:24 AM

OK guys so here is what I got from TAC. I have been using the "Group Lock" Option on all of my users. Up until 8.0(3) SSL VPN ignored "Group Lock" and place all uses in the defaultWeb instance if they did not specify a Group via the drop down. So all I had to do to get my authentication working again was to enable the drop down on the login portal for SSL VPN. I then created alias names for all of my tunnels that are allowed to SSL VPN so I wasn't exposing the realy tunnel group name. This not only fixed my issue but helped me understand why I was having so much trouble with custom SSL VPN pages for users and groups. The Authentication has no interaction with tunnel group other than to validate that you are connected to the tunnel group you are locked to. If you aren't as in the case with default SSL instance when you don't specify in the drop down it just dumps the Auth request.

Hope this helps some others out.

http://www.staticnat.com

0 Helpful
Customers Also Viewed These Support Documents