Webvpn weird authentication issues

Unanswered Question
Apr 14th, 2008
User Badges:

Hi All,


I have just configured webvpn on a pair of asa5510's, the webvpn is now issuing a pop-up when I log in either to a group that authenticates locally on the asa of to a group that authenticates to a Radius server.

the Pop-Up is a User Alert in the form

https://**.**.**.**/+CSCOE+/useralert.html

(the pop-up is the same no matter what group I authenticate into.)


here is the webvpn config, any pointers to remove this would be GREAT




ciscoasa# sh run | beg webvpn

webvpn

enable outside

svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec svc webvpn

group-policy Staff_Group_Policy internal

group-policy Staff_Group_Policy attributes

vpn-filter value STAFF_RULE

vpn-tunnel-protocol IPSec svc webvpn

vlan 10

address-pools value Staff_DHCP

webvpn

url-list value Staff

file-entry enable

file-browsing enable

group-policy Student_Group_Policy internal

group-policy Student_Group_Policy attributes

vpn-filter value STUDENT_RULES

vpn-tunnel-protocol IPSec svc webvpn

vlan 1

address-pools value Student_DHCP

webvpn

url-list value Students

file-entry enable

file-browsing enable

group-policy IT_Dept_Group_Policy internal

group-policy IT_Dept_Group_Policy attributes

vpn-tunnel-protocol IPSec svc webvpn

vlan none

address-pools value IT_Dept_DHCP

webvpn

hidden-shares none

username ******* password *******

tunnel-group IT_Dept type remote-access

tunnel-group IT_Dept general-attributes

default-group-policy IT_Dept_Group_Policy

tunnel-group IT_Dept webvpn-attributes

group-alias IT_Dept enable

tunnel-group IT_Dept ipsec-attributes

pre-shared-key *

tunnel-group Students type remote-access

tunnel-group Students general-attributes

authentication-server-group STUDENT_RADIUS

authentication-server-group (student) STUDENT_RADIUS

default-group-policy Student_Group_Policy

tunnel-group Students webvpn-attributes

group-alias Students enable

tunnel-group Students ipsec-attributes

pre-shared-key *

tunnel-group STAFF type remote-access

tunnel-group STAFF general-attributes

address-pool Staff_DHCP

authentication-server-group STAFF_RADUIS

authentication-server-group (Staff) STAFF_RADUIS

default-group-policy Staff_Group_Policy

tunnel-group STAFF webvpn-attributes

group-alias STAFF enable


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
owillins Fri, 04/18/2008 - 10:20
User Badges:
  • Silver, 250 points or more

Is user alert set in WebVPN mode?

ASA(config-webvpn)# no user-alert

ASA(config-webvpn)#

As for filtering Smart Tunnel traffic you will need to specify syntax as

such:

access-list temp webtype permit url smart-tunnel://x.x.x.x


mlatham67 Thu, 05/29/2008 - 13:40
User Badges:

Hi All



I Found that a reboot fixed my issue, but please make a note that a few weeks after we lost all access to cifs shares, the error was


Error Contacting Host




Please check bug CSCsl94183 and upgrade to asa803-12-k8.bin, this seems a lot more stable.




good luck.




schaef350 Tue, 09/17/2013 - 11:42
User Badges:
  • Bronze, 100 points or more

I found this thread while working on the same issue and figured I would update it to have accurate information:


I resolved this on our 9.1 ASA with something like this:


ciscoasa(config)# tunnel-group   general-attributes

ciscoasa(config-tunnel-general)# user-alert cancel



- Be sure to rate all helpful posts

Jatin Katyal Tue, 09/17/2013 - 21:51
User Badges:
  • Cisco Employee,

CSCth21493

DOC: Multiple errors in ASA Command Reference for 'user-alert'


Symptom:

There are multiple errors in the ASA Command Reference regarding the 'user-alert' command. The most important one is, that from ASA version 8.2 onwards, the "no user-alert" command does not exist anymore, but has been replaced by the "user-alert cancel" command.


~BR
Jatin Katyal

**Do rate helpful posts**

Actions

This Discussion