IP address assignment via DHCP for an AnyConnect client

jeyriku
Level 1

Hi,

On my ASA (with ASDM) I configured the DHCP server in the management tab to allow dynamic IP assignment for my LAN devices (on the inside interface). I tried to allow IP assignment via my LAN DHCP server for my VPN SSL client located on a remote site, but it didn't work (they mount the tunnel on the outside interface of the ASA). I would like to know if someone could advise me how to do so. When I checked the DHCP box in the different connection profiles, my client still didn't receive any address. Is there anything I need to allow to perform this action? I hope someone can help.

PS: Here is the message I get when I start the Cisco AnyConnect client:

"An error was received from the secure gateway in response to the vpn negociation request. Please contact your network administrator. The following message was received from the remote VPN device: No assigned Address"

Best regards.

23 Replies

owillins
Level 6

The error message indicates that the ASA returned an HTTP error to the client when the client attempted to establish an SSL connection.

I understand this too. But deeper, it means that my LAN DHCP server can't deliver an IP address to my VPN SSL client. I don't understand why! As long as you check the "DHCP" box it should work, but at the moment it doesn't. Can you help me?

Best Regards,

Can you post output of webvpn debugs?

Regards

Farrukh

Here is a copy of syslog entries which best describe what is happening:

"Device completed SSL handshake with client outside: X.X.X.X:XXXX"

"TunnelGroup GroupPolicy User IP No address available for SVC connection"

The SSL connection starts without problems, but as soon as I need to be assigned an IP address, it doesn't work. The odd thing is that in both profiles the DHCP box is checked.

Can someone help?

Best regards

Can you post the webvpn related CLI configuration?

Regards

Farrukh

Hi, here is what you asked me for:

"

    webvpn
     enable inside
     enable outside
     csd image disk0:/securedesktop-asa-3.2.1.103-k9.pkg
     svc image disk0:/anyconnect-win-2.2.0128-k9.pkg 3
     svc enable
     cache
      max-object-size 5000
    group-policy DfltGrpPolicy attributes
     dns-server value X.X.X.X
     dhcp-network-scope X.X.X.X
     vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
     default-domain value XXXXXX
     intercept-dhcp 255.255.255.XXX enable
     nac-settings value DfltGrpPolicy-nac-framework-create
     webvpn
      url-list value Lan_Applications
      svc keepalive none
      svc dpd-interval client none
      svc dpd-interval gateway none
      svc ask enable default webvpn
      customization value DfltCustomization
    tunnel-group DefaultRAGroup general-attributes
     authentication-server-group (outside) LOCAL
     authorization-server-group LOCAL
     authorization-server-group (outside) LOCAL
     dhcp-server XXX.XXX.XXX.XXX
    tunnel-group DefaultWEBVPNGroup general-attributes
     authentication-server-group (outside) LOCAL
     authorization-server-group LOCAL
     authorization-server-group (outside) LOCAL
     dhcp-server XXX.XXX.XXX.XXX
     authorization-required

"

Best Regards,

Jeyriku

Do you have the following in your configuration:

"vpn-addr-assign dhcp"

Note: DHCP assignment is disabled by default

Regards

Farrukh

Hi,

Many thanks for your response.

No, it doesn't appear, but it should, as I already typed it before.

But the following appears:

"no vpn-addr-assign aaa

no vpn-addr-assign local"

Do you have an idea why it doesn't appear?

Best regards,

No that is ok, it means AAA and LOCAL are now disabled, and DHCP is enabled.

Can you post more aggressive debugs?

Regards

Farrukh

Hi,

Can you tell me what I need to do? What do you mean by "more aggressive"?

Kind regards,

I meant more detailed/verbose debugs, please attach the output of the following:

debug dhcpd event

debug dhcprelay event

debug webvpn tunnel

debug webvpn svc

debug webvpn html

Regards

Farrukh

Ok,

I will do that for you and will keep you updated.

Many thanks for your help.

Regards,

Here is an attachment with the debug messages

Kind Regards,

The issue seems to be your DHCP server; check the DHCP server IP/scope once again. Also check any logs on the DHCP server end.

7|Jun 19 2008 10:00:10|711001: Validating address: 0.0.0.0

7|Jun 19 2008 10:00:10|711001: CSTP state = WAIT_FOR_ADDRESS

7|Jun 19 2008 10:00:10|711001: webvpn_cstp_accept_address: 0.0.0.0/0.0.0.0

7|Jun 19 2008 10:00:10|711001: webvpn_cstp_accept_address: no address?!?

7|Jun 19 2008 10:00:10|711001: CSTP state = HAVE_AD

Regards

Farrukh
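
A way to triage a capture like the one quoted in the last reply, as an added example that is not part of the original thread or of Cisco's tooling: a Python script that parses the `severity|timestamp|message-id: text` lines and flags the unspecified-address and "no address" events. The function and variable names are hypothetical, and the second capture (192.0.2.25) is constructed for contrast.

```python
import re
from ipaddress import ip_address

# Line layout of the capture in the thread: severity|timestamp|message-id: text
LINE_RE = re.compile(r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|(?P<msgid>\d+): (?P<text>.*)$")
ADDR_RE = re.compile(r"(?:Validating address|webvpn_cstp_accept_address): (\d+(?:\.\d+){3})")
STATE_RE = re.compile(r"CSTP state = (\w+)")

# The five lines quoted in the thread (the last state name is cut off on the page).
THREAD_CAPTURE = [
    "7|Jun 19 2008 10:00:10|711001: Validating address: 0.0.0.0",
    "7|Jun 19 2008 10:00:10|711001: CSTP state = WAIT_FOR_ADDRESS",
    "7|Jun 19 2008 10:00:10|711001: webvpn_cstp_accept_address: 0.0.0.0/0.0.0.0",
    "7|Jun 19 2008 10:00:10|711001: webvpn_cstp_accept_address: no address?!?",
    "7|Jun 19 2008 10:00:10|711001: CSTP state = HAVE_AD",
]
# Constructed contrast case: same layout, documentation-range address (assumption).
CONSTRUCTED_OK = [
    "7|Jun 19 2008 10:05:00|711001: Validating address: 192.0.2.25",
    "7|Jun 19 2008 10:05:00|711001: webvpn_cstp_accept_address: 192.0.2.25/255.255.255.0",
]

def triage(lines):
    """Summarise address assignment in a debug capture and list failure events."""
    out = {"states": [], "addresses": [], "findings": [], "skipped": 0}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            out["skipped"] += bool(raw.strip())  # count non-empty lines we cannot parse
            continue
        ts, text = m["ts"], m["text"]
        if (s := STATE_RE.search(text)):
            out["states"].append(s[1])
        if (a := ADDR_RE.search(text)):
            try:
                addr = ip_address(a[1])
            except ValueError:  # e.g. an octet above 255 in a damaged line
                out["skipped"] += 1
                continue
            out["addresses"].append(str(addr))
            if addr.is_unspecified:
                out["findings"].append((ts, "unspecified address 0.0.0.0 used for session"))
        if "no address" in text.lower():
            out["findings"].append((ts, "gateway reports no address"))
    out["assigned"] = any(a != "0.0.0.0" for a in out["addresses"])
    return out

if __name__ == "__main__":
    for name, cap in (("thread", THREAD_CAPTURE), ("constructed", CONSTRUCTED_OK)):
        print(name, triage(cap))
```
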
