07-20-2009 08:37 PM - edited 02-21-2020 04:17 PM
hi, i am having troubles connecting to an asa 5505 with anyconnect vpn client:
config:
crypto ca trustpoint localtrust
enrollment self
fqdn ssl.blah.com
subject-name CN=ssl.blah.com
keypair sslvpnkeypair
crl configure
crypto ca certificate chain localtrust
ssl trust-point localtrust outside
webvpn
enable outside
svc image disk0:/any.pkg 1
svc enable
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc
address-pools value vpnpool
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc webvpn
address-pools value vpnpool
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool vpnpool
tunnel-group DefaultWEBVPNGroup webvpn-attributes
group-alias SSLVPNClient enable
tunnel-group SSLClientProfile type remote-access
!
access-list nat0 extended permit ip 10.191.191.0 255.255.255.0 10.199.199.0 255.255.255.0
nat (inside) 0 access-list nat0
any idea what is wrong?
i have been stumped on this for hours
thanks
ERRROR posted below since out of space
07-20-2009 08:38 PM
%ASA-5-737003: IPAA: DHCP configured, no viable servers found for tunnel-group 'DefaultWEBVPNGroup'
%ASA-4-722041: TunnelGroup
%ASA-5-722033: Group
%ASA-4-722051: Group
webvpn_rx_data_tunnel_connect
CSTP state = HEADER_PROCESSING
http_parse_cstp_method()
...input: 'CONNECT /CSCOSSLC/tunnel HTTP/1.1'
webvpn_cstp_parse_request_field()
...input: 'Host: c-asasasdadsdasadsfast.net'
Processing CSTP header line: 'Host: asdfsdfsadf.asdfadfsf.net'
webvpn_cstp_parse_request_field()
...input: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.3.2016'
Processing CSTP header line: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.3.2016'
Setting user-agent to: 'Cisco AnyConnect VPN Agent for Windows 2.3.2016'
webvpn_cstp_parse_request_field()
...input: 'Cookie: webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
Processing CSTP header line: 'Cookie: webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
Found WebVPN cookie: 'webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
WebVPN Cookie: 'webvpn=2839526471@262144@1248130490@E8EA84BBD9CB0B605099F7E7C7E65F5FC6CEB67A'
IPADDR: '2839526471', INDEX: '262144', LOGIN: '1248130490'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Version: 1'
Processing CSTP header line: 'X-CSTP-Version: 1'
Setting version to '1'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Hostname: asd-PC'
Processing CSTP header line: 'X-CSTP-Hostname: e'
Setting hostname to: 'asd-PC'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
Processing CSTP header line: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-MTU: 1406'
07-20-2009 08:38 PM
Processing CSTP header line: 'X-CSTP-MTU: 1406'
webvpn_cstp_parse_request_field()
%ASA-5-722010: Group
%ASA-5-722037: Group
%ASA-4-113019: Group = DefaultWEBVPNGroup, Username = guest, IP = connectingip, Session disconnected. Session Type: SSL, Duration: 0h:00m:05s, Bytes xmt: 11323, Bytes rcv: 3138, Reason: User Requested
...input: 'X-CSTP-Address-Type: IPv6,IPv4'
Processing CSTP header line: 'X-CSTP-Address-Type: IPv6,IPv4'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Master-Secret: D9DB873DDC2A1B14B3E35AD78BBE0EED3EB3850EC8712364C543DBDDBE0D0BFEA5171E7DE46A0C8BE9EBEB6AF36F26D7'
Processing CSTP header line: 'X-DTLS-Master-Secret: D9DB873DDC2A1B14B3E35AD78BBE0EED3EB3850EC8712364C543DBDDBE0D0BFEA5171E7DE46A0C8BE9EBEB6AF36F26D7'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Processing CSTP header line: 'X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
Processing CSTP header line: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
Validating address: 0.0.0.0
CSTP state = WAIT_FOR_ADDRESS
webvpn_cstp_accept_address: 10.199.199.1/255.255.255.0
webvpn_cstp_accept_ipv6_address: No IPv6 Address
CSTP state = HAVE_ADDRESS
SVC: NP setup
np_svc_create_session(0x40000, 0xD5291360, TRUE)
webvpn_svc_np_setup
SVC ACL Name: NULL
SVC ACL ID: -1
SVC ACL ID: -1
vpn_put_uauth success!
SVC IPv6 ACL Name: NULL
SVC IPv6 ACL ID: -1
SVC: adding to sessmgmt
SVC: Sending response
Unable to initiate NAC, NAC might not be enabled or invalid policy
CSTP state = CONNECTED
webvpn_rx_data_cstp
webvpn_rx_data_cstp: got message
SVC message: t/s=3/16: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.).
Called vpn_remove_uauth: success!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
np_svc_destroy_session(0x40000)
08-18-2009 01:04 PM
Anyone come up with information on the above error. I have some users that are starting to see it after upgrading to 2.3.2016. At first glance they appear to all be Vista machines.
My error is as follows:
SVC Message: 16/ERROR: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.)..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: