10-10-2008 10:44 AM - edited 03-11-2019 06:56 AM
I am trying to configure AnyConnect and I used ASDM to configure it the first time.
My error is when AnyConnect tries to establish VPN it comes back with an error "No Assigned Address"
I pointed the Policy Group to the IP Pool and everything appears right in the config. ASA 5510 with version 8.03 and AnyConnect version 2.2
webvpn
enable outside
svc image disk0:/anyconnect-win-2.2.0140-k9.pkg 1
svc enable
group-policy default internal
group-policy default attributes
wins-server value 10.1.1.25 10.1.1.21
dns-server value 10.1.1.25 10.1.1.21
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value default_splitTunnelAcl
default-domain value legalplans.com
split-dns value legalplans.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 10
file-entry disable
file-browsing disable
group-policy RemoteSSLGrp internal
group-policy RemoteSSLGrp attributes
wins-server value 10.1.1.25 10.1.1.21
dns-server value 10.1.1.25 10.1.1.21
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value default_splitTunnelAcl
default-domain value legalplans.com
split-dns value legalplans.com
webvpn
url-list value Hyatt_Legal_Resources
svc dtls enable
svc ask enable default svc
username cisco password rSR3HnWu8SCJ8g2s encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
authentication-server-group RADIUS
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group RADIUS
tunnel-group default type remote-access
tunnel-group default general-attributes
address-pool ras
authentication-server-group RADIUS
default-group-policy default
tunnel-group default ipsec-attributes
pre-shared-key *
tunnel-group SSLvpn type remote-access
tunnel-group SSLvpn general-attributes
address-pool ras
authentication-server-group RADIUS
default-group-policy RemoteSSLGrp
10-10-2008 11:28 AM
This isnt quite the fix but here is what I found out so far. During the setup wizard I created a connection profile called SSLvpn and made changes to that profile.
What I come to find out is that the system is actually strictly using the DfltGrpPolicy settings.
even if you look at the config above you will see Im trying to use the SSLvpn connection not the defaultgrppolicy.
10-11-2008 03:30 AM
How are the users selecting the group to login? You need to define a way, group-url, tunnel drop down etc. Have a look at this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: