07-18-2008 01:43 AM - edited 02-21-2020 03:50 PM
Hi all,
I am using a Cisco 871 IOS router with IOS software release 12.4(20)T (Adv.Security) and the following configuration for SSL VPN access.
aaa new-model
!
aaa authentication login VPNCLIENT local
aaa authorization network VPNGROUP local
crypto pki trustpoint TP-self-signed-1188774920
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1188774920
 revocation-check none
 rsakeypair TP-self-signed-1188774920
!
username remote privilege 0 secret xxx
!
!
interface FastEthernet4
 ip address 192.168.32.125 255.255.255.240
!
interface Loopback10
 ip address 192.168.32.142 255.255.255.240
!
ip local pool VPN-1 192.168.32.129 192.168.32.138
!
webvpn gateway webvpngw-1
 ip address 192.168.32.125 port 443
 ssl trustpoint TP-self-signed-1188774920
 logging enable
 inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context webvpncontext-1
 ssl authenticate verify all
 !
 policy group webvpngroup-1
  functions svc-enabled
  timeout idle 3600
  svc address-pool "VPN-1"
  svc default-domain "home.loc"
  svc keep-client-installed
  svc dpd-interval gateway 30
  svc rekey method new-tunnel
  svc split include 192.168.32.0 255.255.255.128
  svc split include 192.168.32.181 255.255.255.255
  svc dns-server primary 192.168.32.109
 default-group-policy webvpngroup-1
 aaa authentication list VPNCLIENT
 aaa authorization list VPNGROUP
 gateway webvpngw-1
 max-users 10
 user-profile location flash:webvpn/webvpncontext-1/
 logging enable
 inservice
!
On the client side I'm using AnyConnect VPN Client version 2.2.0.133.
When I connect to the specified IP address (192.168.32.125), I am asked for a username and password. After successful username/password verification I get the error message:
"An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator."
For troubleshooting I turned on the following debug commands.
debug webvpn tunnel
debug webvpn verbose
debug webvpn aaa
debug webvpn cookie
debug webvpn package
debug webvpn entry webvpncontext-1
You can find the output in the attachment.
When the connection is closed - the debug shows the following message:
008305: Jul 18 11:35:21.940 CEST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: webvpncontext-1 vw_gw: webvpngw-1 i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.168.32.2:1823
If you have any idea, please let me know!
Many thanks!!!
Best regards
Peter
07-24-2008 10:33 AM
1. Uninstalled and re-installed the webvpn package and the anyconnect package.
2. Assign the different pool for both ipsec and anyconnect clients.
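
Step 2 of the reply above can be checked offline against a saved running-config. The script below is an added example, not code from this thread or from Cisco: it flags an AnyConnect (svc) address pool that is the same as, or overlaps, a pool used by IPsec clients. It assumes the IPsec clients are defined as an Easy VPN group (`crypto isakmp client configuration group` with a `pool` subcommand) and that the file keeps the indentation of `show running-config`; the names IPSECGROUP and VPN-2 and the VPN-2 range are constructed.

```python
import ipaddress
import re

# Constructed sample: the VPN-1 pool and svc address-pool lines follow the
# post; the IPsec (Easy VPN) group and pool VPN-2 are assumptions.
SAMPLE = """\
ip local pool VPN-1 192.168.32.129 192.168.32.138
ip local pool VPN-2 192.168.32.136 192.168.32.140
crypto isakmp client configuration group IPSECGROUP
 pool VPN-2
webvpn context webvpncontext-1
 policy group webvpngroup-1
  svc address-pool "VPN-1"
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+) (\S+)\s*$")
SVC_RE = re.compile(r'^\s*svc address-pool "?([^"\s]+)"?')
IPSEC_RE = re.compile(r"^\s+pool (\S+)\s*$")

def parse(config):
    """Return (pool ranges, pools used by AnyConnect, pools used by IPsec)."""
    pools, svc, ipsec, in_isakmp = {}, set(), set(), False
    for line in config.splitlines():
        if line and not line[0].isspace():      # new top-level command
            in_isakmp = line.startswith("crypto isakmp client configuration group")
        if m := POOL_RE.match(line):
            lo, hi = (ipaddress.IPv4Address(a) for a in m.group(2, 3))
            pools[m.group(1)] = (lo, hi)
        elif m := SVC_RE.match(line):
            svc.add(m.group(1))
        elif in_isakmp and (m := IPSEC_RE.match(line)):
            ipsec.add(m.group(1))
    return pools, svc, ipsec

def pool_conflicts(config):
    """List (svc_pool, ipsec_pool, reason) where the two client types collide."""
    pools, svc, ipsec = parse(config)
    found = []
    for s in sorted(svc):
        for i in sorted(ipsec):
            if s == i:
                found.append((s, i, "same pool"))
            elif s in pools and i in pools:
                (a, b), (c, d) = pools[s], pools[i]
                if a <= d and c <= b:           # inclusive ranges intersect
                    found.append((s, i, "overlapping range"))
    return found

print(pool_conflicts(SAMPLE))  # result for the constructed sample
```

An empty list means the two client types draw addresses from separate pools.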