06-22-2009 11:04 AM - edited 02-21-2020 03:31 AM
The group policy we are currently using for anyconnect is assigned to only use sslvpn client as the tunneling protocol. Whenever anyone connects directly from anyconnect it shows them as a clientless session. Any ideas on this? Needing this fast if anyone can help?
06-22-2009 12:05 PM
I'm seeing the same issue with a client- running ASA 8.2 code and latest AnyConnect. Did you get any answers on this?
06-22-2009 12:13 PM
I am running 8.0.3, I am on the phone with the TAC right now....
06-23-2009 05:54 AM
I was told I needed to upgrade for my anyconnect essentials license to work. So I upgrade to 8.2 last night, still not working, back to the TAC unless someone has any ideas?
06-24-2009 07:42 AM
After a call to the TAC again, I had to add this no statement to allow multiple ssl connections
run this:
sh run | include sessiondb
add a "no" to that, and now you will be allowed as many connections as your ASA can handle... i would give you the full command but I forgot it
06-24-2009 01:51 PM
The AnyConnect Essentials license provides basic VPN connectivity using AnyConnect only. With this license installed, clientless WebVPN and CSD will no longer function. I am assuming the command you were instructed to use was:
config t
webvpn
no anyconnect-essentials
By disabling the AnyConnect Essentials functionality, the ASA will revert to the previous license installed. If this is the default license, then SSL VPN will be restricted to 2 simultaneous connections.
Since upgrading to 8.2.1, are you still seeing the AnyConnect sessions showing under the clientless session count?
06-24-2009 01:53 PM
no i did not disable anyconnect-essentials i disabled the maximum ssl sessions, ys they still show up as clientless, but we can now run more than 2 sessions
06-25-2009 05:46 AM
here we go i reviewed my tac log..
removed this command:
vpn-sessiondb max-webvpn-session-limit 2
10-28-2009 05:21 AM
Hi,
I tried this but then my load balancing between the two asa's does not work anymore. All users connect then to the backup asa, de vpn % load remains 0 when I use this command.
When I enable the command the load balancing is restored.
Or is the problem that the SSL load is to small. So 1 % load is 50 users (5000 / 100 % = 50 users per 1 %). So I must have 50 users before I see any load? I am still testing but not with 50 persons I need to know this for sure.
I use the anyconnect client essential license so I could use 5000 users on my 5550 (have two). The field in max-webvpn-session is standard set to 10. I cannot increase the number. When I set it to 1 only one client can connect to one asa. So the essential license is not working I think
Is this a bug?
10-28-2009 05:47 AM
Ok this is what I found for my two ASA 5550 with anyconnect essentials.
When I try to change the max number of ssl connection (standard 10) ASDM says I must enter a number between 1 and 10.
When I push the command through the cli:
vpn-sessiondb max-webvpn-session-limit 100. And then refresh ASDM displays 100, the SSL load on the ASA's is then 1% for 1 client and so this works.
I will now test with more then 20 users to see if I get over the 10 + 10 standard licenses of both the ASA 5550.
Thx,
Marc
08-19-2013 07:22 AM
Hi,
Any solution or explanation to this showing of clientless sessions while using anyconnect ?
I am using 8.3.2 and at my test environment the anyconnect connections show up like his :
Username: userX
Group Policy: SSL_VPN_POLICY
Connection Profile: ....
Assigned IP Address x.x.x.x
Public IP Address: y.y.y.y
Protocol Encryption: Clientless SSL-Tunnel DTLS-Tunnel RC4 AES128
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: