cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2406
Views
0
Helpful
10
Replies

Anyconnect sessions showing up as clientless vpn sessions

The group policy we are currently using for anyconnect is assigned to only use sslvpn client as the tunneling protocol. Whenever anyone connects directly from anyconnect it shows them as a clientless session. Any ideas on this? Needing this fast if anyone can help?

10 Replies 10

justinbodie
Level 4
Level 4

I'm seeing the same issue with a client- running ASA 8.2 code and latest AnyConnect. Did you get any answers on this?

I am running 8.0.3, I am on the phone with the TAC right now....

I was told I needed to upgrade for my anyconnect essentials license to work. So I upgrade to 8.2 last night, still not working, back to the TAC unless someone has any ideas?

After a call to the TAC again, I had to add this no statement to allow multiple ssl connections

run this:

sh run | include sessiondb

add a "no" to that, and now you will be allowed as many connections as your ASA can handle... i would give you the full command but I forgot it

The AnyConnect Essentials license provides basic VPN connectivity using AnyConnect only. With this license installed, clientless WebVPN and CSD will no longer function. I am assuming the command you were instructed to use was:

config t

webvpn

no anyconnect-essentials

By disabling the AnyConnect Essentials functionality, the ASA will revert to the previous license installed. If this is the default license, then SSL VPN will be restricted to 2 simultaneous connections.

Since upgrading to 8.2.1, are you still seeing the AnyConnect sessions showing under the clientless session count?

no i did not disable anyconnect-essentials i disabled the maximum ssl sessions, ys they still show up as clientless, but we can now run more than 2 sessions

here we go i reviewed my tac log..

removed this command:

vpn-sessiondb max-webvpn-session-limit 2

Hi,

I tried this but then my load balancing between the two asa's does not work anymore. All users connect then to the backup asa, de vpn % load remains 0 when I use this command.

When I enable the command the load balancing is restored.

Or is the problem that the SSL load is to small. So 1 % load is 50 users (5000 / 100 % = 50 users per 1 %). So I must have 50 users before I see any load? I am still testing but not with 50 persons I need to know this for sure.

I use the anyconnect client essential license so I could use 5000 users on my 5550 (have two). The field in max-webvpn-session is standard set to 10. I cannot increase the number. When I set it to 1 only one client can connect to one asa. So the essential license is not working I think

Is this a bug?

Ok this is what I found for my two ASA 5550 with anyconnect essentials.

When I try to change the max number of ssl connection (standard 10) ASDM says I must enter a number between 1 and 10.

When I push the command through the cli:

vpn-sessiondb max-webvpn-session-limit 100. And then refresh ASDM displays 100, the SSL load on the ASA's is then 1% for 1 client and so this works.

I will now test with more then 20 users to see if I get over the 10 + 10 standard licenses of both the ASA 5550.

Thx,

Marc

Hi,

Any solution or explanation to this showing of clientless sessions while using anyconnect ?

I am using 8.3.2 and at my test environment the anyconnect connections show up like his :

Username: userX

Group Policy: SSL_VPN_POLICY

Connection Profile: ....

Assigned IP Address x.x.x.x

Public IP Address: y.y.y.y

Protocol Encryption: Clientless SSL-Tunnel DTLS-Tunnel RC4 AES128

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: