AnyConnect VPN on Cisco IOS router problem

weymannpe
Level 1

Hi all,

I am using a Cisco 871 IOS router with IOS software release 12.4(20)T (Adv.Security) and the following configuration for SSL VPN access.

aaa new-model
!
aaa authentication login VPNCLIENT local
aaa authorization network VPNGROUP local
crypto pki trustpoint TP-self-signed-1188774920
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1188774920
 revocation-check none
 rsakeypair TP-self-signed-1188774920
!
username remote privilege 0 secret xxx
!
!
interface FastEthernet4
 ip address 192.168.32.125 255.255.255.240
!
interface Loopback10
 ip address 192.168.32.142 255.255.255.240
!
ip local pool VPN-1 192.168.32.129 192.168.32.138
!
webvpn gateway webvpngw-1
 ip address 192.168.32.125 port 443
 ssl trustpoint TP-self-signed-1188774920
 logging enable
 inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context webvpncontext-1
 ssl authenticate verify all
!
 policy group webvpngroup-1
   functions svc-enabled
   timeout idle 3600
   svc address-pool "VPN-1"
   svc default-domain "home.loc"
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc rekey method new-tunnel
   svc split include 192.168.32.0 255.255.255.128
   svc split include 192.168.32.181 255.255.255.255
   svc dns-server primary 192.168.32.109
 default-group-policy webvpngroup-1
 aaa authentication list VPNCLIENT
 aaa authorization list VPNGROUP
 gateway webvpngw-1
 max-users 10
 user-profile location flash:webvpn/webvpncontext-1/
 logging enable
 inservice
!

On the client side I'm using AnyConnect VPN Client version 2.2.0.133.

When I connect to the specified IP address (192.168.32.125) I've been asked for username and password. After successful username/password verification I got the error message:

"An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator."

For troubleshooting I turned on the following debug commands.

debug webvpn tunnel
debug webvpn verbose
debug webvpn aaa
debug webvpn cookie
debug webvpn package
debug webvpn entry webvpncontext-1

You can find the output in the attachment.

When the connection is closed - the debug shows the following message:

008305: Jul 18 11:35:21.940 CEST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: webvpncontext-1 vw_gw: webvpngw-1 i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.168.32.2:1823

If you have any idea, please let me know!

Many thanks!!!

Best regards

Peter

1 Reply

aghaznavi
Level 5

1. Uninstalled and re-installed the webvpn package and the AnyConnect package.

2. Assign different pools for the IPsec and AnyConnect clients.
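
One way to check a configuration for the pool conflict the reply above points at, as an added example that is not part of the original thread. The thread shows only the SSL VPN side, so the IPsec client groups and the IPSEC-1 pool in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample: the pool and policy-group lines are from the thread; the
# two IPsec client groups and the IPSEC-1 pool are hypothetical additions.
SAMPLE_CONFIG = """\
ip local pool VPN-1 192.168.32.129 192.168.32.138
ip local pool IPSEC-1 192.168.32.136 192.168.32.140
crypto isakmp client configuration group REMOTE
 pool VPN-1
crypto isakmp client configuration group REMOTE2
 pool IPSEC-1
webvpn context webvpncontext-1
 policy group webvpngroup-1
   svc address-pool "VPN-1"
"""

def parse_pools(config):
    """Map pool name -> (first, last) address from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)[ \t]*$", config, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                             ipaddress.ip_address(m.group(3)))
    return pools

def pool_users(config):
    """Return (pools used by IPsec client groups, pools used by SSL VPN groups)."""
    ipsec, ssl = set(), set()
    in_isakmp_group = False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command starts a new section
            in_isakmp_group = line.startswith("crypto isakmp client configuration group ")
        words = line.split()
        if in_isakmp_group and len(words) == 2 and words[0] == "pool":
            ipsec.add(words[1])
        elif words[:2] == ["svc", "address-pool"] and len(words) == 3:
            ssl.add(words[2].strip('"'))
    return ipsec, ssl

def find_conflicts(config):
    """List ('shared', p, p) and ('overlap', ipsec_pool, ssl_pool) findings."""
    pools = parse_pools(config)
    ipsec, ssl = pool_users(config)
    findings = [("shared", name, name) for name in sorted(ipsec & ssl)]
    for a in sorted(ipsec):
        for b in sorted(ssl):
            if a != b and a in pools and b in pools:
                if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
                    findings.append(("overlap", a, b))
    return findings
```

An empty result from `find_conflicts` means no pool name is used by both client types and no IPsec pool range intersects an SSL VPN pool range.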
