cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2820
Views
8
Helpful
7
Replies

ASA 8 SVC and Anyconnect VPN not working

kpoon
Level 1
Level 1

I have no idea what could be wrong. It was working before. I was doing some testing, removed the ssl and clientless ssl policy. Then I recreated them from scratch. But neither svc nor webvpn are working now.

I've made sure nobody is connected via ssl.

These are from the log and attached is the config.

4|Aug 16 2007|15:32:17|716007|||Group <DfltGrpPolicy> User <xxx@xxx.com> IP <65.94.223.109> WebVPN Unable to create session.

4|Aug 16 2007|15:32:17|716023|||Group <DfltGrpPolicy> User <xxx@xxx.com> IP <65.94.223.109> Session could not be established: session limit of 2 reached.

6|Aug 16 2007|15:32:17|734001|||DAP: User xxx@xxx.com, Addr 65.22.22.22, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy

Can anyone see what is wrong?

7 Replies 7

jake-savage
Level 1
Level 1

Session could not be established: session limit of 2 reached.

That's the problem. I'm working on my Anyconnect config and I've had that happen tons of times. You can fix it by going into config mode on your ASA then type in the following:

conf t

webvpn

no enable outside

enable outside

That should clear the 2 sessions.

/Jake

I've tried that but I get the same errors.

They don't get cleared until I reload the entire ASA. Is there any other way to do it?

Apparently you're running into the same bug I am. I opened a case with TAC yesterday because I was having trouble getting AnyConnect to work. They said there's a bug in the 8.0(2) code if you have 2 webvpn licenses.

Check out this bug ID: cscsj02842

Thanks Jake,

did they mention when a fix or update will be available? according to the bugID, it's been fixed. But I can't find the version anywhere.

The TAC engineer told me it has been fixed and will be included in the upcoming release to 8.0(3). They were supposed to have sent me beta code to test with yesterday, but I never received it. I also asked what the ETA was for the next release and was told they didn't have one yet.

Kinda sucks - I'd really like to test out AnyConnect and make sure it works before I start configuring it for our clients.

thanks for the info.

kinda sucks for us too. I was going to test it out and deploy it until I hit this.

vpn-sessiondb logoff webvpn

or show vpn-sessiondb webvpn

Session Type: WebVPN

Username : ******* Index : 20

Get the index and then

vpn-sessiondb logoff index 20

BTW, this is running on a 8.0(2) box, although it should be updated to 8.0(3).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: