IOS SSL VPN (problems / which files are needed on the flash)

ROBERTO TACCON
Level 4

Hi,

For the IOS SSL VPN, I need to know which files are needed on the router flash.

Is any home.shtml needed?

I've used the following info to configure the cisco 2821 router:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html

I've installed sslclient-win-1.1.4.179-anyconnect.pkg

BUT WHEN I TRY TO CONNECT TO THE ROUTER AT https://xxx.20.yyy.156/tunnel THE ROUTER TELLS ME:

Mar 3 17:25:24 Rome: WV-SDPS: Sev 1:sdps_sslvpn_send_ssl_func(),line 484:SDPS Assertion failed :!ret

Mar 3 17:25:24 Rome: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: sslvpn i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at xxx.244.yyy.87:2634

The config follows:

webvpn gateway sslvpn
 hostname sslvpn
 ip address xxx.20.yyy.156 port 443
 ssl encryption aes-sha1
 ssl trustpoint local
 logging enable
 inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context context-sslvpn1
 ssl authenticate verify all
 !
 url-list "eng"
   url-text "wwwin-eng" url-value "http://wwwin-eng.cisco.com"
 !
 nbns-list "cifs-servers"
   nbns-server 172.16.1.1 master
   nbns-server 172.16.2.2 timeout 10 retries 5
   nbns-server 172.16.3.3 timeout 10 retries 5
 login-message "unauthorized access to this network device is prohibited."
 !
 port-forward "portlist"
   local-port 30019 remote-server "ssh-server" remote-port 22 description "SSH"
   local-port 30021 remote-server "mailserver" remote-port 110 description "POP3"
   local-port 30022 remote-server "mailserver" remote-port 25 description "SMTP"
   local-port 30020 remote-server "mailserver" remote-port 143 description "IMAP"
 !
 policy group policy-sslvpn1
   url-list "eng"
   port-forward "portlist"
   nbns-list "cifs-servers"
   functions file-access
   functions file-browse
   functions file-entry
   citrix enabled
 default-group-policy policy-sslvpn1
 gateway sslvpn domain clientless
 user-profile location flash:webvpn/sslvpn/context-sslvpn1
 inservice
!
!
webvpn context context-sslvpn2
 ssl authenticate verify all
 !
 !
 policy group policy-sslvpn2
   functions svc-enabled
   svc address-pool "WEBVPN"
   svc default-domain "cisco.com"
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc rekey method new-tunnel
   svc split include 10.0.0.0 255.255.255.0
   svc dns-server primary 192.168.3.1
   svc dns-server secondary 192.168.4.1
 default-group-policy policy-sslvpn2
 aaa authentication list clientauth
 gateway sslvpn domain tunnel
 user-profile location flash:webvpn/sslvpn/context-sslvpn2
 logging enable
 inservice
!
end

sslvpn#

Regards.

Roberto Taccon
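Added example, not part of the original post and not Cisco tooling: a small Python parser for the two syslog line formats quoted in the question. It groups the TLS errors by gateway and remote peer and marks those that share a timestamp with a WV-SDPS assertion. The function names are hypothetical, and every sample line other than the two taken from the post is constructed.

```python
import re
from collections import Counter

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+: "  # e.g. "Mar 3 17:25:24 Rome: "
# Field layout copied from the %SSLVPN-5-SSL_TLS_ERROR line in the post.
# The address class also accepts the redacted form used there (xxx.244.yyy.87).
TLS_ERR = re.compile(
    TS + r"%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: (?P<ctx>\S+) vw_gw: (?P<gw>\S+) "
    r"i_vrf: (?P<i_vrf>\d+) f_vrf: (?P<f_vrf>\d+) status: (?P<status>.*?) "
    r"with remote at (?P<ip>[0-9A-Za-z.]+):(?P<port>\d+)$"
)
# Field layout copied from the WV-SDPS assertion line in the post.
SDPS = re.compile(
    TS + r"WV-SDPS: Sev (?P<sev>\d+):(?P<func>\w+)\(\),line (?P<line>\d+):(?P<msg>.*)$"
)

# The first two lines are the ones quoted in the post; the rest are constructed.
SAMPLE = [
    "Mar 3 17:25:24 Rome: WV-SDPS: Sev 1:sdps_sslvpn_send_ssl_func(),line 484:SDPS Assertion failed :!ret",
    "Mar 3 17:25:24 Rome: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: sslvpn i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at xxx.244.yyy.87:2634",
    "Mar 3 17:26:02 Rome: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: sslvpn i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.0.2.10:51234",
    "Mar 3 17:26:40 Rome: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: sslvpn i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.0.2.10:51240",
    "Mar 3 17:27:00 Rome: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

def parse(lines):
    """Split log lines into (tls_errors, assertions), each a list of field dicts."""
    tls, asserts = [], []
    for raw in lines:
        line = raw.strip()
        m = TLS_ERR.match(line)
        if m:
            tls.append(m.groupdict())
        elif (m := SDPS.match(line)):
            asserts.append(m.groupdict())
    return tls, asserts

def summarize(lines):
    """Count TLS errors per (gateway, remote IP) and correlate with assertions."""
    tls, asserts = parse(lines)
    assert_ts = {a["ts"] for a in asserts}
    return {
        "per_peer": Counter((e["gw"], e["ip"]) for e in tls),
        # TLS errors logged in the same second as a WV-SDPS assertion
        "with_assertion": [f'{e["ip"]}:{e["port"]}' for e in tls if e["ts"] in assert_ts],
        # errors whose vw_ctx field reads UNKNOWN, as in the post
        "unknown_ctx": sum(1 for e in tls if e["ctx"] == "UNKNOWN"),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```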


smalkeric
Level 6

This will be resolved in 2.4.18 of the AnyConnect client. You may want to try the 2.2+ version of AnyConnect as a potential workaround.
