AnyConnect VPN on Cisco IOS router problem

Unanswered Question
Jul 18th, 2008

Hi all,

I am using a Cisco 871 IOS router with IOS software release 12.4(20)T (Adv.Security) and the following configuration for SSL VPN access.

aaa new-model
!
aaa authentication login VPNCLIENT local
aaa authorization network VPNGROUP local
crypto pki trustpoint TP-self-signed-1188774920
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1188774920
 revocation-check none
 rsakeypair TP-self-signed-1188774920
!
username remote privilege 0 secret xxx
!
!
interface FastEthernet4
 ip address 192.168.32.125 255.255.255.240
!
interface Loopback10
 ip address 192.168.32.142 255.255.255.240
!
ip local pool VPN-1 192.168.32.129 192.168.32.138
!
webvpn gateway webvpngw-1
 ip address 192.168.32.125 port 443
 ssl trustpoint TP-self-signed-1188774920
 logging enable
 inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context webvpncontext-1
 ssl authenticate verify all
!
 policy group webvpngroup-1
  functions svc-enabled
  timeout idle 3600
  svc address-pool "VPN-1"
  svc default-domain "home.loc"
  svc keep-client-installed
  svc dpd-interval gateway 30
  svc rekey method new-tunnel
  svc split include 192.168.32.0 255.255.255.128
  svc split include 192.168.32.181 255.255.255.255
  svc dns-server primary 192.168.32.109
 default-group-policy webvpngroup-1
 aaa authentication list VPNCLIENT
 aaa authorization list VPNGROUP
 gateway webvpngw-1
 max-users 10
 user-profile location flash:webvpn/webvpncontext-1/
 logging enable
 inservice
!

On the client side I'm using AnyConnect VPN Client version 2.2.0.133.

When I connect to the specified IP address (192.168.32.125) I've been asked for username and password. After successful username/password verification I got the error message:

"An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator."

For troubleshooting I turned on the following debug commands.

debug webvpn tunnel
debug webvpn verbose
debug webvpn aaa
debug webvpn cookie
debug webvpn package
debug webvpn entry webvpncontext-1

You can find the output in the attachment.

When the connection is closed - the debug shows the following message:

008305: Jul 18 11:35:21.940 CEST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: webvpncontext-1 vw_gw: webvpngw-1 i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.168.32.2:1823

If you have any idea, please let me know!

Many thanks!!!

Best regards

Peter

aghaznavi Thu, 07/24/2008 - 10:33

1. Uninstalled and re-installed the webvpn package and the anyconnect package.

2. Assign the different pool for both ipsec and anyconnect clients.
