AnyConnect config that actually...I dunno...WORKS????

Unanswered Question
Aug 21st, 2007

This has been driving me nuts for the past couple weeks. I cannot, for the life of me, find a configuration guide for AnyConnect that actually works.

The wizard in the ASDM doesn't work. A lab that I got from Cisco training today didn't work. The guides from Cisco's site are very limited unless you want to try and config it through CLI and slit your wrists at the same time.

Crazy stuff! I know it works, I've seen some sweet pics of the client loaded up, with the tunnel active, etc.

I'm not trying to do anything special, just configure a VPN using AnyConnect. Every time I try, and I've tried from 3 different computers, I get an error that says:

An error was received from the secure gateway in response to the VPN negotiation request.

The logs on the ASA show an error that states:

No address available for SVC connection

That's cool but I have a dhcp pool configured and assigned to the group policies.

What gives? (and yes... I'm frustrated.)

smahbub Mon, 08/27/2007 - 12:49

As new features are released for the AnyConnect client, you must update the AnyConnect clients of your remote users for them to use the new features. To minimize download time, the AnyConnect client requests downloads (from the security appliance) only of modules that it needs for each feature that it supports. To enable new features, you must specify the new module names using the svc modules command from group policy webvpn or username webvpn configuration mode:

purohit_810 Tue, 08/28/2007 - 11:06

Don't put in a DHCP pool.

Configure the IP address as a LOCAL POOL (USE INTERNAL ADDRESS POOL) and check.


Dharmesh Purohit

jake-savage Tue, 08/28/2007 - 11:40

Thanks for the replies. I actually had the config right but there's a bug in the 8.0(2) code that was preventing me from connecting. Apparently the bug affects ASAs with ONLY 2 webvpn licenses. If you have more, you're fine.

The bug ID is:


mike.mooneyham Tue, 01/08/2008 - 12:28

Add an address pool under

tunnel-group DefaultWEBVPNGroup general-attributes

For some reason the ASA wants to use that tunnel group and will not assign an address to any other group.
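
A way to check a saved running-config for the condition described in the reply above, as an added example that is not part of the thread: it reports when `DefaultWEBVPNGroup` has no `address-pool` under its general-attributes, or names a pool with no `ip local pool` definition. The sample config, pool name, addresses, the `SSLClients` group and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
ip local pool SSL_POOL 192.168.50.10-192.168.50.50 mask 255.255.255.0
tunnel-group SSLClients type remote-access
tunnel-group SSLClients general-attributes
 address-pool SSL_POOL
tunnel-group DefaultWEBVPNGroup general-attributes
 dhcp-server 10.1.1.5
"""

def local_pools(config):
    """Names defined with 'ip local pool <name> <range> ...'."""
    return set(re.findall(r"^ip local pool (\S+)", config, re.M))

def tunnel_group_pools(config):
    """Map each tunnel-group to the pools in its general-attributes block."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"tunnel-group (\S+) general-attributes\s*$", line)
        if header:
            current = header.group(1)
            groups.setdefault(current, [])
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the block
        elif current and line.split()[:1] == ["address-pool"]:
            # Skip an optional "(interface)" qualifier before the pool names.
            groups[current] += [t for t in line.split()[1:] if not t.startswith("(")]
    return groups

def audit(config, group="DefaultWEBVPNGroup"):
    """Return findings for the tunnel group the last reply singles out."""
    defined = local_pools(config)
    assigned = tunnel_group_pools(config).get(group, [])
    findings = []
    if not assigned:
        findings.append(f"{group}: no address-pool under general-attributes")
    for name in assigned:
        if name not in defined:
            findings.append(f"{group}: address-pool {name} has no 'ip local pool' definition")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

In the sample, the pool is attached only to `SSLClients` while `DefaultWEBVPNGroup` relies on a DHCP server, which is the arrangement the thread associates with "No address available for SVC connection".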

