anyconnect version 2.4 second host entry gets invalid host entry please re-enter

Answered Question
Jan 4th, 2010

Hi,

I have an ASA 5520, running 8.21, AnyConnect 2.4. I have the profile on the ASA downloading with the client. I have a second ASA as a backup VPN server as well; they are configured as identically as possible.

If I connect on the first ASA using the hostname "vpn1.companyx.com", all works fine. When I go to connect to the second ASA using the hostname "vpn2.companyx.com" on the AnyConnect client, I get the error message "invalid host entry". The XML profile tests as fine, the host entries are both resolvable in DNS and the vpn2 system responds fine using IP address. It seems to be an AnyConnect issue...

Thoughts?

Correct Answer
hdashnau Mon, 01/04/2010 - 13:16

-Are you using a group-url on one ASA and not the other?

-Do you have "StandardUser" in your XML profile? If you create a new profile with a new name that does not have this setting, does it work?

-If you want to make it work with "StandardUser" in your XML profile, here's an example:

<HostEntry>
   <HostName>vpn.cisco.com</HostName>
   <HostAddress>vpn.cisco.com</HostAddress>
   <UserGroup>CSCVPNUsers</UserGroup>
</HostEntry>

The ASA will initiate a connection to:

https://vpn.cisco.com/CSCVPNUsers

In order for the ASA to send back the proper information, that group URL would have to exist under your tunnel-group/connection profile in the configuration:

tunnel-group CSCVPNUsers webvpn-attributes
group-url https://vpn.cisco.com/CSCVPNUsers enable


-heather
j-cutler Mon, 01/04/2010 - 14:42

That did it. The group URL was tied to the vpn2 entry.

Thanks!
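
A pre-deployment check for the profile/group-url mismatch discussed in this thread, as an added example that is not part of the original posts or of any Cisco tool: it reads the HostEntry elements of a client profile and reports every entry whose UserGroup has no enabled group-url on the ASA serving that host. The hostnames and config excerpts are constructed, the function names are hypothetical, and the expected URL is assumed to be https://<HostAddress>/<UserGroup>, as in the answer above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample profile: both entries carry a UserGroup.
PROFILE = """<AnyConnectProfile>
  <ServerList>
    <HostEntry>
      <HostName>vpn1.companyx.com</HostName>
      <HostAddress>vpn1.companyx.com</HostAddress>
      <UserGroup>CSCVPNUsers</UserGroup>
    </HostEntry>
    <HostEntry>
      <HostName>vpn2.companyx.com</HostName>
      <HostAddress>vpn2.companyx.com</HostAddress>
      <UserGroup>CSCVPNUsers</UserGroup>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

# Constructed config excerpts, keyed by the host each ASA answers for.
# The second ASA still carries the first ASA's group-url.
ASA_CONFIGS = {
    "vpn1.companyx.com": "tunnel-group CSCVPNUsers webvpn-attributes\n"
                         " group-url https://vpn1.companyx.com/CSCVPNUsers enable\n",
    "vpn2.companyx.com": "tunnel-group CSCVPNUsers webvpn-attributes\n"
                         " group-url https://vpn1.companyx.com/CSCVPNUsers enable\n",
}

# Matches an enabled group-url line and captures its URL.
GROUP_URL = re.compile(r"^\s*group-url\s+(\S+)\s+enable\s*$", re.M)

def expected_urls(profile_xml):
    """Yield (host, url) for every HostEntry that sets a UserGroup."""
    root = ET.fromstring(profile_xml)
    for entry in root.findall(".//{*}HostEntry"):  # {*} ignores any XML namespace
        group = (entry.findtext("{*}UserGroup") or "").strip()
        host = (entry.findtext("{*}HostAddress")
                or entry.findtext("{*}HostName") or "").strip()
        if group and host:
            yield host.lower(), f"https://{host}/{group}"

def missing_group_urls(profile_xml, asa_configs):
    """Return (host, url) pairs with no enabled group-url on that host's ASA."""
    missing = []
    for host, url in expected_urls(profile_xml):
        enabled = set(GROUP_URL.findall(asa_configs.get(host, "")))
        if url not in enabled:  # exact match, case included
            missing.append((host, url))
    return missing
```

On the constructed data, `missing_group_urls(PROFILE, ASA_CONFIGS)` flags only the vpn2 entry; the `{*}` wildcard needs Python 3.8 or later.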
