IOS SSL VPN (problems / which files are needed on the flash)

Mar 3rd, 2009

Hi,


For the IOS SSL VPN, I need to know which files are needed on the router flash.

Is any home.shtml needed?




I've used the following info to configure the cisco 2821 router:


http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html


I've installed the sslclient-win-1.1.4.179-anyconnect.pkg



BUT WHEN I TRY TO CONNECT TO THE ROUTER AT https://xxx.20.yyy.156/tunnel THE ROUTER TELLS ME:



Mar 3 17:25:24 Rome: WV-SDPS: Sev 1:sdps_sslvpn_send_ssl_func(),line 484:SDPS Assertion failed :!ret


Mar 3 17:25:24 Rome: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: sslvpn i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at xxx.244.yyy.87:2634




The config follows:




webvpn gateway sslvpn
 hostname sslvpn
 ip address xxx.20.yyy.156 port 443
 ssl encryption aes-sha1
 ssl trustpoint local
 logging enable
 inservice
 !
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
 !
webvpn context context-sslvpn1
 ssl authenticate verify all
 !
 url-list "eng"
   url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
 !
 nbns-list "cifs-servers"
   nbns-server 172.16.1.1 master
   nbns-server 172.16.2.2 timeout 10 retries 5
   nbns-server 172.16.3.3 timeout 10 retries 5
 login-message "unauthorized access to this network device is prohibited."
 !
 port-forward "portlist"
   local-port 30019 remote-server "ssh-server" remote-port 22 description "SSH"
   local-port 30021 remote-server "mailserver" remote-port 110 description "POP3"
   local-port 30022 remote-server "mailserver" remote-port 25 description "SMTP"
   local-port 30020 remote-server "mailserver" remote-port 143 description "IMAP"
 !
 policy group policy-sslvpn1
   url-list "eng"
   port-forward "portlist"
   nbns-list "cifs-servers"
   functions file-access
   functions file-browse
   functions file-entry
   citrix enabled
 default-group-policy policy-sslvpn1
 gateway sslvpn domain clientless
 user-profile location flash:webvpn/sslvpn/context-sslvpn1
 inservice
!
!
webvpn context context-sslvpn2
 ssl authenticate verify all
 !
 !
 policy group policy-sslvpn2
   functions svc-enabled
   svc address-pool "WEBVPN"
   svc default-domain "cisco.com"
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc rekey method new-tunnel
   svc split include 10.0.0.0 255.255.255.0
   svc dns-server primary 192.168.3.1
   svc dns-server secondary 192.168.4.1
 default-group-policy policy-sslvpn2
 aaa authentication list clientauth
 gateway sslvpn domain tunnel
 user-profile location flash:webvpn/sslvpn/context-sslvpn2
 logging enable
 inservice
!
end

sslvpn#




Regards.


Roberto Taccon



smalkeric Mon, 03/09/2009 - 07:28

This will be resolved in 2.4.18 of the AnyConnect client. You may want to try the 2.2+ version of AnyConnect as a potential workaround.
