Vista Clientless WebVPN and ASA v 8.02 - No Clientless for Vista

jdwcal730 · ‎10-10-2007

We are having a problem after configuring an ASA WebVPN to do Clientless. When a non Windows Vista system connects the clientless SSL Web VPN works just fine via the HTTPS:// address. If a Windows Vista system connects, it won't do it via the Clientless. Instead it downloads the Java Any Connect client from the ASA and wants to connect to the web VPN via the client. Does Vista work with the Clientless VPN? Do we have to use Any Connect with Vista?

We do have these commands on the ASA v8.02:

webvpn

enable outside

svc image disk0:/sslclient-win-1.1.4.176.pkg 1

svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 2

If we take off the Windows AnyConnect, will Vista use the Clientless?

lambiase · ‎10-13-2007

Vista certainly works in clientless mode, so you will need to look around your configuration a little more. I configured a dozen ASAs with SSL VPN and have both clientless and SVC working across the Windows operating systems.

Immediately launching the SVC after login is a function of the group policy. Here is an example:

group-policy MFA-Demo-01 attributes

webvpn

svc ask none default svc

The options for the 'Post Login' setting are to prompt/not-promt, and 'Go to...portal' or 'Download SSL VPN Client'. (You will find this in ASDM at Remote Access VPN > Clientless SSL VPN Access > Group Policies (Edit a policy) > More Options > Login Setting).

Do you have more than one policy configured?

One of them may be configured this way.

Also, you can monitor the logs, as they indicate the Group Policy that a user is assigned to when they authenitcate an SSL VPN connection.

Taking off AnyConnect will likely break the group policy.

Mark

jdwcal730 · ‎11-13-2007

Found the issue. According to TAC this is fixed in Anyconnect 2.1. This was just released on Nov 7th, and tested, and the errors went away. It is all working now.