Anyconnect sessions showing up as clientless vpn sessions

Unanswered Question
Jun 22nd, 2009
User Badges:

The group policy we are currently using for anyconnect is assigned to only use sslvpn client as the tunneling protocol. Whenever anyone connects directly from anyconnect it shows them as a clientless session. Any ideas on this? Needing this fast if anyone can help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
justinbodie Mon, 06/22/2009 - 12:05
User Badges:

I'm seeing the same issue with a client- running ASA 8.2 code and latest AnyConnect. Did you get any answers on this?

kyle.southerland Tue, 06/23/2009 - 05:54
User Badges:

I was told I needed to upgrade for my anyconnect essentials license to work. So I upgrade to 8.2 last night, still not working, back to the TAC unless someone has any ideas?

kyle.southerland Wed, 06/24/2009 - 07:42
User Badges:

After a call to the TAC again, I had to add this no statement to allow multiple ssl connections


run this:

sh run | include sessiondb

add a "no" to that, and now you will be allowed as many connections as your ASA can handle... i would give you the full command but I forgot it

Todd Pula Wed, 06/24/2009 - 13:51
User Badges:
  • Silver, 250 points or more

The AnyConnect Essentials license provides basic VPN connectivity using AnyConnect only. With this license installed, clientless WebVPN and CSD will no longer function. I am assuming the command you were instructed to use was:


config t

webvpn

no anyconnect-essentials


By disabling the AnyConnect Essentials functionality, the ASA will revert to the previous license installed. If this is the default license, then SSL VPN will be restricted to 2 simultaneous connections.


Since upgrading to 8.2.1, are you still seeing the AnyConnect sessions showing under the clientless session count?

kyle.southerland Wed, 06/24/2009 - 13:53
User Badges:

no i did not disable anyconnect-essentials i disabled the maximum ssl sessions, ys they still show up as clientless, but we can now run more than 2 sessions

kyle.southerland Thu, 06/25/2009 - 05:46
User Badges:

here we go i reviewed my tac log..

removed this command:

vpn-sessiondb max-webvpn-session-limit 2


MJonkers Wed, 10/28/2009 - 05:21
User Badges:

Hi,


I tried this but then my load balancing between the two asa's does not work anymore. All users connect then to the backup asa, de vpn % load remains 0 when I use this command.

When I enable the command the load balancing is restored.


Or is the problem that the SSL load is to small. So 1 % load is 50 users (5000 / 100 % = 50 users per 1 %). So I must have 50 users before I see any load? I am still testing but not with 50 persons I need to know this for sure.


I use the anyconnect client essential license so I could use 5000 users on my 5550 (have two). The field in max-webvpn-session is standard set to 10. I cannot increase the number. When I set it to 1 only one client can connect to one asa. So the essential license is not working I think


Is this a bug?

MJonkers Wed, 10/28/2009 - 05:47
User Badges:

Ok this is what I found for my two ASA 5550 with anyconnect essentials.


When I try to change the max number of ssl connection (standard 10) ASDM says I must enter a number between 1 and 10.

When I push the command through the cli:

vpn-sessiondb max-webvpn-session-limit 100. And then refresh ASDM displays 100, the SSL load on the ASA's is then 1% for 1 client and so this works.


I will now test with more then 20 users to see if I get over the 10 + 10 standard licenses of both the ASA 5550.


Thx,


Marc

sebastianvandijk Mon, 08/19/2013 - 07:22
User Badges:

Hi,


Any solution or explanation to this showing of clientless sessions while using anyconnect ?

I am using 8.3.2 and at my test environment the anyconnect connections show up like his :


Username: userX

Group Policy: SSL_VPN_POLICY

Connection Profile: ....

Assigned IP Address x.x.x.x

Public IP Address: y.y.y.y

Protocol Encryption: Clientless SSL-Tunnel DTLS-Tunnel RC4 AES128

Actions

This Discussion