08-04-2009 10:11 AM - edited 02-21-2020 03:36 AM
Hi;
i've installed the SSL gateway with anyconnect client.
Everythink is working fine, many times logged in and working, and after a few minutes the SSL gateway cannot be reached.
No error page, anything, just loading gateway page without result.
When I reinstall entire webvpn it works again and after about 30 minutes tha same problem appears
I dii 5 succesfull attempts.
I'm using 2081 with 12.4(20)T2, no access lists on the gateway interface
So it seems like ip http-secure doesn't response
Anybody knows ?
thanks
pet
08-04-2009 10:55 AM
Do you have SSL VPN user licenses installed on your ASA? If not, ASA comes with 2 SSL user licenses. When you connect to SSL VPN using web browser, ASA tends to create a user session for the clientless connection and then another session for the anyconnect connection. Some of the older ASA code releases had a problem where clientless sessions would get stuck on ASA for a long time. If you only have 2 user licenses, you might be running out of licenses. What version of code are you running? You might see better results with 8.0(4) or 8.2(1).
Regards,
Roman
08-04-2009 11:23 AM
Thank you fro your answer
I'm not using ASA, but cisco 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(20)T2.
So there should be predefined 25 user licences ( according to cisco requirements)
However there are no active connections now:
sh webvpn stats detail
User session statistics:
Active user sessions : 0 AAA pending reqs : 0
Peak user sessions : 2 Peak time : 02:14:47
Active user TCP conns : 0 Terminated user sessions : 5
Session alloc failures : 0 Authentication failures : 0
VPN session timeout : 0 VPN idle timeout : 0
User cleared VPN sessions: 1 Exceeded ctx user limit : 0
Exceeded total user limit: 0
Client process rcvd pkts : 885 Server process rcvd pkts : 0
Client process sent pkts : 14257 Server process sent pkts : 0
Client CEF received pkts : 6004 Server CEF received pkts : 0
Client CEF rcv punt pkts : 367 Server CEF rcv punt pkts : 0
Client CEF sent pkts : 0 Server CEF sent pkts : 0
Client CEF sent punt pkts: 0 Server CEF sent punt pkts: 0
SSLVPN appl bufs inuse : 0 SSLVPN eng bufs inuse : 0
Active server TCP conns : 0
But what is really funny that no debug is appearing during the website access
thanks
08-05-2009 10:13 AM
You are more than likely running into the following bug which was resolved in 12.4(20)T3. You can test the workaround by removing the http-redirect if configured. I would suggest that you upgrade the router to the suggested code.
08-12-2009 09:38 AM
Thank you, i removed the http-redirect and now it works
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide