07-20-2009 08:37 PM - edited 02-21-2020 04:17 PM
hi, i am having troubles connecting to an asa 5505 with anyconnect vpn client:
config:
crypto ca trustpoint localtrust
enrollment self
fqdn ssl.blah.com
subject-name CN=ssl.blah.com
keypair sslvpnkeypair
crl configure
crypto ca certificate chain localtrust
ssl trust-point localtrust outside
webvpn
enable outside
svc image disk0:/any.pkg 1
svc enable
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc
address-pools value vpnpool
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc webvpn
address-pools value vpnpool
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool vpnpool
tunnel-group DefaultWEBVPNGroup webvpn-attributes
group-alias SSLVPNClient enable
tunnel-group SSLClientProfile type remote-access
!
access-list nat0 extended permit ip 10.191.191.0 255.255.255.0 10.199.199.0 255.255.255.0
nat (inside) 0 access-list nat0
any idea what is wrong?
i have been stumped on this for hours
thanks
ERRROR posted below since out of space
07-20-2009 08:38 PM
%ASA-5-737003: IPAA: DHCP configured, no viable servers found for tunnel-group 'DefaultWEBVPNGroup'
%ASA-4-722041: TunnelGroup
%ASA-5-722033: Group
%ASA-4-722051: Group
webvpn_rx_data_tunnel_connect
CSTP state = HEADER_PROCESSING
http_parse_cstp_method()
...input: 'CONNECT /CSCOSSLC/tunnel HTTP/1.1'
webvpn_cstp_parse_request_field()
...input: 'Host: c-asasasdadsdasadsfast.net'
Processing CSTP header line: 'Host: asdfsdfsadf.asdfadfsf.net'
webvpn_cstp_parse_request_field()
...input: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.3.2016'
Processing CSTP header line: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.3.2016'
Setting user-agent to: 'Cisco AnyConnect VPN Agent for Windows 2.3.2016'
webvpn_cstp_parse_request_field()
...input: 'Cookie: webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
Processing CSTP header line: 'Cookie: webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
Found WebVPN cookie: 'webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
WebVPN Cookie: 'webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
IPADDR: '2839526471', INDEX: '262144', LOGIN: '1248130490'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Version: 1'
Processing CSTP header line: 'X-CSTP-Version: 1'
Setting version to '1'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Hostname: asd-PC'
Processing CSTP header line: 'X-CSTP-Hostname: e'
Setting hostname to: 'asd-PC'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
Processing CSTP header line: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-MTU: 1406'
07-20-2009 08:38 PM
Processing CSTP header line: 'X-CSTP-MTU: 1406'
webvpn_cstp_parse_request_field()
%ASA-5-722010: Group
%ASA-5-722037: Group
%ASA-4-113019: Group = DefaultWEBVPNGroup, Username = guest, IP = connectingip, Session disconnected. Session Type: SSL, Duration: 0h:00m:05s, Bytes xmt: 11323, Bytes rcv: 3138, Reason: User Requested
...input: 'X-CSTP-Address-Type: IPv6,IPv4'
Processing CSTP header line: 'X-CSTP-Address-Type: IPv6,IPv4'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Master-Secret: D9DB873DDC2A1B14B3E35AD78BBE0EED3EB3850EC8712364C543DBDDBE0D0BFEA5171E7DE46A0C8BE9EBEB6AF36F26D7'
Processing CSTP header line: 'X-DTLS-Master-Secret: D9DB873DDC2A1B14B3E35AD78BBE0EED3EB3850EC8712364C543DBDDBE0D0BFEA5171E7DE46A0C8BE9EBEB6AF36F26D7'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Processing CSTP header line: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
Processing CSTP header line: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
Validating address: 0.0.0.0
CSTP state = WAIT_FOR_ADDRESS
webvpn_cstp_accept_address: 10.199.199.1/255.255.255.0
webvpn_cstp_accept_ipv6_address: No IPv6 Address
CSTP state = HAVE_ADDRESS
SVC: NP setup
np_svc_create_session(0x40000, 0xD5291360, TRUE)
webvpn_svc_np_setup
SVC ACL Name: NULL
SVC ACL ID: -1
SVC ACL ID: -1
vpn_put_uauth success!
SVC IPv6 ACL Name: NULL
SVC IPv6 ACL ID: -1
SVC: adding to sessmgmt
SVC: Sending response
Unable to initiate NAC, NAC might not be enabled or invalid policy
CSTP state = CONNECTED
webvpn_rx_data_cstp
webvpn_rx_data_cstp: got message
SVC message: t/s=3/16: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.).
Called vpn_remove_uauth: success!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
np_svc_destroy_session(0x40000)
08-18-2009 01:04 PM
Anyone come up with information on the above error. I have some users that are starting to see it after upgrading to 2.3.2016. At first glance they appear to all be Vista machines.
My error is as follows:
SVC Message: 16/ERROR: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.)..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide