07-06-2010 03:46 PM - edited 02-21-2020 04:43 PM
Hello,
I've got a problem and some questions about a test router I'm setting up in the lab.
I'm just trying to get Anyconnect VPN to work, and I've really been running around in circles trying to figure the bugger out - there is a huge amount of at least partially conflicting information out there, no doubt because of the 871.
I'm using IOS version 12.4(24)T, with sslclient-win-1.1.4.179-anyconnect.pkg as my SSL client. I have no idea if it's the right one, but CCP accepted it.
I recall setting up Anyconnect once before, and the filename was most certainly different. Am I using the right one? It seems to me that there are at least three types of "Client VPN" that Ciscos can do. They are:
SSLVPN
SSL VPN SVC
Anyconnect SSL VPN
Or something like that. I've seen such an assortment, that I'm not sure what's what. What is the difference between them, especially as far as Anyconnect is concerned?
What's up with that "SVC" designation? A few guides I've seen have mentioned it specifically.
Ok, moving on to my troubles.
The problem I'm having right now is when I browse to the VPN page, I get a blank screen that's "Done". Am I correct in thinking I've missed a setting somewhere, or is it perhaps related to the anyconnect package I'm using?
Here's my running-config:
---------------------------------------
Current configuration : 4618 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco871
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $1$OTpa$smj0mTouZOMp01yDNwW1W0
enable password hidden
!
aaa new-model
!
!
aaa authentication login sslvpn local
!
!
aaa session-id common
!
crypto pki trustpoint MyCert
 enrollment selfsigned
 serial-number
 revocation-check crl
!
!
crypto pki certificate chain MyCert
 certificate self-signed 02
  blah numbers blah
  quit
dot11 syslog
ip source-route
!
!
!
ip dhcp pool vpnpool
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 208.67.222.222 208.67.220.220
 lease 28
!
!
ip cef
no ip domain lookup
ip domain name domain.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username blargle privilege 15 password 0 blargle
!
!
!
archive
 log config
  hidekeys
!
!
ip ssh version 2
!
!
!
interface Loopback1
 description SSL DHCP Pool Gateway Address
 ip address 192.168.250.1 255.255.255.0
!
interface Loopback2
 description SSL VPN Website Address
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 ip address 10.1.70.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
!
ip local pool sslvpnpool 192.168.250.2 192.168.250.100
ip default-gateway 10.1.70.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.70.1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.1 443 interface FastEthernet0 443
ip nat inside source static tcp 10.10.10.1 80 interface FastEthernet0 80
!
ip access-list extended INTERNET_ACL
 remark Used with CBAC(?)
 permit icmp any any unreachable
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit tcp any any eq 443 www
 deny ip any any log
ip access-list extended VTY_ACL
 permit ip 192.168.0.0 0.0.0.255 any
 deny ip any any log
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password 8letters
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn gateway MyGateway
 ip address 10.10.10.1 port 443
 http-redirect port 80
 ssl trustpoint MyCert
 inservice
 !
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
 !
webvpn context SecureMeContext
 title "My Wintastic VPN Service"
 ssl authenticate verify all
 !
 login-message "Welcome to the VPN. It's tasty!"
 !
 policy group MyDefaultPolicy
   functions svc-enabled
   svc address-pool "sslvpnpool"
   svc keep-client-installed
 default-group-policy MyDefaultPolicy
 aaa authentication list sslvpn
 gateway MyGateway domain testvpn
 max-users 100
 inservice
!
end
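A cross-reference check for the "missed a setting somewhere" question, as an added example that is not part of the original post or any Cisco tooling: it scans the WebVPN-related lines of the posted running-config (excerpted inline) and reports names that are referenced but never defined. The helper names `names` and `check_webvpn_refs` and the choice of checks are assumptions made for illustration, not an exhaustive list of IOS requirements.

```python
import re

# Constructed excerpt: the WebVPN-related lines of the running-config posted above.
POSTED_CONFIG = """\
aaa authentication login sslvpn local
crypto pki trustpoint MyCert
 enrollment selfsigned
ip local pool sslvpnpool 192.168.250.2 192.168.250.100
webvpn gateway MyGateway
 ip address 10.10.10.1 port 443
 ssl trustpoint MyCert
 inservice
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn context SecureMeContext
 policy group MyDefaultPolicy
   functions svc-enabled
   svc address-pool "sslvpnpool"
 default-group-policy MyDefaultPolicy
 aaa authentication list sslvpn
 gateway MyGateway domain testvpn
 inservice
"""

def names(pattern, text):
    """Return the set of names captured by `pattern` at the start of any line (indentation ignored)."""
    return set(re.findall(r"(?m)^\s*" + pattern, text))

def check_webvpn_refs(config):
    """List WebVPN references that point at objects the config never defines."""
    # Hypothetical rule set for illustration: (label, reference pattern, definition pattern).
    checks = [
        ("trustpoint", r"ssl trustpoint (\S+)", r"crypto pki trustpoint (\S+)"),
        ("gateway", r"gateway (\S+) domain", r"webvpn gateway (\S+)"),
        ("address pool", r'svc address-pool "?([^"\s]+)', r"ip local pool (\S+)"),
        ("policy group", r"default-group-policy (\S+)", r"policy group (\S+)"),
        ("AAA login list", r"aaa authentication list (\S+)", r"aaa authentication login (\S+)"),
    ]
    findings = []
    for label, ref, definition in checks:
        for name in sorted(names(ref, config) - names(definition, config)):
            findings.append(f"{label} '{name}' is referenced but not defined")
    if "svc-enabled" in config and not names(r"webvpn install svc (\S+)", config):
        findings.append("svc-enabled is set but no 'webvpn install svc' package line exists")
    return findings

if __name__ == "__main__":
    print(check_webvpn_refs(POSTED_CONFIG) or "all WebVPN references resolve")
```

On the posted configuration every reference resolves, which is consistent with the follow-up post: the blank page was not caused by a dangling name in the WebVPN section.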
07-06-2010 04:33 PM
So, it turns out I was entering the URL wrong. Glad I caught that one.
In any case, I got this message once I logged in:
The installer was not able to start the Cisco SSL VPN Client.
I got an IP address from my pool, but the software very clearly failed to install. Is it possible there is a conflict with an already installed version? Are there some specific logging settings I should enable?
Once again, thanks for your time.
07-07-2010 06:00 AM
Yes, there is a conflict with a software that is already installed on your PC. Uninstall any such applications and try again.
Also note that you need to figure out the correct vpn client package for the IOS running on the router and the OS on the PC.
07-07-2010 12:35 PM
I removed the Anyconnect software already installed on my computer, and I am having the same problem, although it seems like I've made it further than before.
I see that the page is titled "No Support". I imagine this means I'm using the wrong Anyconnect client, but in that case, which one should I be using? Does any Anyconnect client (that's for my OS) work, or do I need a specific version for the 871, like an IOS version or something?
Basically, am I getting the "No Support" because my computer is incompatible with the Anyconnect client it's using, or because the Cisco isn't compatible with the version of Anyconnect on it?
07-18-2010 10:31 PM
The anyconnect client that you are using is slightly old. Why don't you try a later version like 2.4 or 2.5?
What OS are you using on your anyclient host?