10-10-2007 08:49 AM
We are having a problem after configuring an ASA WebVPN to do Clientless. When a non-Windows Vista system connects, the clientless SSL Web VPN works just fine via the HTTPS:// address. If a Windows Vista system connects, it won't do it via the Clientless. Instead it downloads the Java AnyConnect client from the ASA and wants to connect to the web VPN via the client. Does Vista work with the Clientless VPN? Do we have to use AnyConnect with Vista?
We do have these commands on the ASA v8.02:
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.4.176.pkg 1
 svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 2
If we take off the Windows AnyConnect, will Vista use the Clientless?
10-13-2007 11:50 AM
Vista certainly works in clientless mode, so you will need to look around your configuration a little more. I configured a dozen ASAs with SSL VPN and have both clientless and SVC working across the Windows operating systems.
Immediately launching the SVC after login is a function of the group policy. Here is an example:
group-policy MFA-Demo-01 attributes
 webvpn
  svc ask none default svc
The options for the 'Post Login' setting are to prompt/not-prompt, and 'Go to...portal' or 'Download SSL VPN Client'. (You will find this in ASDM at Remote Access VPN > Clientless SSL VPN Access > Group Policies (Edit a policy) > More Options > Login Setting).
Do you have more than one policy configured?
One of them may be configured this way.
Also, you can monitor the logs, as they indicate the Group Policy that a user is assigned to when they authenticate an SSL VPN connection.
Taking off AnyConnect will likely break the group policy.
Mark
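One way to check which group policies carry the post-login setting described in the reply above, as an added example that is not part of the original post. It assumes the input is `show running-config` text with its indentation intact; the policy names `Portal-Only` and `No-Setting` and the whole sample config are constructed for illustration.

```python
import re

# Constructed sample; only the MFA-Demo-01 lines come from the thread.
SAMPLE_CONFIG = """\
group-policy MFA-Demo-01 attributes
 webvpn
  svc ask none default svc
group-policy Portal-Only attributes
 vpn-tunnel-protocol webvpn
 webvpn
  svc ask none default webvpn
group-policy No-Setting attributes
 vpn-tunnel-protocol webvpn
"""

HEADER = re.compile(r"^group-policy\s+(\S+)\s+attributes\s*$")
SVC_ASK = re.compile(r"^svc\s+ask\s+(none|enable)(?:\s+default\s+(svc|webvpn))?")


def post_login_settings(config_text):
    """Map each group policy to its 'svc ask' line, or None if it sets none."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line either opens a group-policy block or ends one.
            m = HEADER.match(raw)
            current = m.group(1) if m else None
            if current:
                policies.setdefault(current, None)
        elif current and SVC_ASK.match(raw.strip()):
            policies[current] = raw.strip()
    return policies


def launches_client(setting):
    """True when the policy skips the prompt and defaults to the SVC download."""
    m = SVC_ASK.match(setting or "")
    return bool(m) and m.group(1) == "none" and m.group(2) == "svc"


def policies_forcing_client(config_text):
    """Names of policies that start the client download right after login."""
    settings = post_login_settings(config_text)
    return sorted(name for name, s in settings.items() if launches_client(s))


if __name__ == "__main__":
    for name, setting in post_login_settings(SAMPLE_CONFIG).items():
        flag = "launches client" if launches_client(setting) else "no forced client"
        print(f"{name}: {setting or '(not set in this policy)'} -> {flag}")
```

A policy reported as not set has no `svc ask` line of its own, so the setting in effect for its users has to be looked up in the policy it inherits from.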
11-13-2007 03:12 PM
Found the issue. According to TAC this is fixed in AnyConnect 2.1. This was just released on Nov 7th, and tested, and the errors went away. It is all working now.