SSL VPN Portal not working

Unanswered Question
Feb 17th, 2010
User Badges:

I'm trying to setup the SSL VPN portal:


When I connect via HTTPS to the ASA5520 outside interface I get the login prompt and after sucessfly login it takes me directly to the Anyconnect client download (starts Anyconnect immediately) even though in the group policy is configured to not prompt the use to chose the post login and the post login is ste to go to Clientless SSL VPN Portal?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
sjbdallas Thu, 04/14/2011 - 04:59
User Badges:

Did you ever figure this out?  I'm having that problem now.

sabafonsec Tue, 10/09/2012 - 09:19
User Badges:

I am having also the same issue, is there a solution for this?

Javier Portuguez Tue, 10/09/2012 - 12:20
User Badges:
  • Red, 2250 points or more

Hi there,


Is the AnyConnect essentials enabled? (show version + show run webvpn)

Is the clientless protocol allowed in the group-policy?

Is the session being landed on the correct connection profile?


Thanks.


Portu.


Please rate any helpful posts.

sabafonsec Tue, 10/09/2012 - 22:37
User Badges:

Hi Javier,


Answers to your questions:


Anyconnect is essential is enabled.

The clientless protocol is enabled in the group policy

There is only one connection profile for ssl VPN users.


below are parts of the current configuration.


======

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 250      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 2        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 100      
Total VPN Peers                : 5000     
Shared License                 : Disabled
AnyConnect for Mobile          : Enabled  
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Enabled  
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 


=================
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
svc enable
tunnel-group-list enable



========


FW# sh run tunnel-group XXXX-SSL-Tunnel
tunnel-group XXXX-SSL-Tunnel type remote-access
tunnel-group XXXX-SSL-Tunnel general-attributes
accounting-server-group TACACS+
default-group-policy YYYY-SSL
tunnel-group XXXX-SSL-Tunnel webvpn-attributes
customization zzzz-Page-Appearance
group-alias xxxxssl enable



FW# sh run group-policy YYYY-SSL
group-policy YYYY-SSL internal
group-policy YYYY-SSL attributes
dns-server value 10.10.10.51 10.10.10.53
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AnyConn-SpiltTunnel
address-pools value AnyCon_pool
webvpn
  url-list value MMMM-Book-Mark
  filter value YYYY-SSL-ACL
  svc keep-installer installed
  svc ask none default webvpn
  customization value Page-Appearance
  hidden-shares none
  file-entry enable
  file-browsing enable
  url-entry enable


===================================

Thanks

Javier Portuguez Wed, 10/10/2012 - 05:19
User Badges:
  • Red, 2250 points or more

Hi,


Since AnyConnect Essentials is enabled under the webvpn settings, the ASA will not let you access the full WebPortal.


You will need to disabled AnyConnect Essentials in order to have full access.


Let me know.


Thanks.


Portu.


Please rate any helpful posts.


Message was edited by: Javier Portuguez

sabafonsec Wed, 10/10/2012 - 05:34
User Badges:

the issue is solved

Thanks alot Javier, clientless now is working normally.

Javier Portuguez Wed, 10/10/2012 - 10:09
User Badges:
  • Red, 2250 points or more

Great news


Please mark this post as answered please.


Have a good one.


Take care.

Actions

This Discussion