ASA 8 SVC and Anyconnect VPN not working

Unanswered Question

I have no idea what could be wrong. It was working before. I was doing some testing, removed the ssl and clientless ssl policy. Then I recreated them from scratch. But neither svc nor webvpn are working now.

I've made sure nobody is connected via ssl.


These are from the log and attached is the config.


4|Aug 16 2007|15:32:17|716007|||Group <DfltGrpPolicy> User <[email protected]> IP <65.94.223.109> WebVPN Unable to create session.


4|Aug 16 2007|15:32:17|716023|||Group <DfltGrpPolicy> User <[email protected]> IP <65.94.223.109> Session could not be established: session limit of 2 reached.

6|Aug 16 2007|15:32:17|734001|||DAP: User [email protected], Addr 65.22.22.22, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy


Can anyone see what is wrong?





Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
jake-savage Tue, 08/21/2007 - 10:25
User Badges:

Session could not be established: session limit of 2 reached.


That's the problem. I'm working on my Anyconnect config and I've had that happen tons of times. You can fix it by going into config mode on your ASA then type in the following:


conf t

webvpn

no enable outside

enable outside


That should clear the 2 sessions.


/Jake

jake-savage Wed, 08/22/2007 - 09:31
User Badges:

Apparently you're running into the same bug I am. I opened a case with TAC yesterday because I was having trouble getting AnyConnect to work. They said there's a bug in the 8.0(2) code if you have 2 webvpn licenses.


Check out this bug ID: cscsj02842

jake-savage Thu, 08/23/2007 - 11:29
User Badges:

The TAC engineer told me it has been fixed and will be included in the upcoming release to 8.0(3). They were supposed to have sent me beta code to test with yesterday, but I never received it. I also asked what the ETA was for the next release and was told they didn't have one yet.


Kinda sucks - I'd really like to test out AnyConnect and make sure it works before I start configuring it for our clients.

skint Wed, 01/23/2008 - 08:01
User Badges:

vpn-sessiondb logoff webvpn

or show vpn-sessiondb webvpn

Session Type: WebVPN


Username : ******* Index : 20


Get the index and then

vpn-sessiondb logoff index 20


BTW, this is running on a 8.0(2) box, although it should be updated to 8.0(3).

Actions

This Discussion