08-10-2010 10:18 AM - edited 02-21-2020 04:47 PM
When trying to connect using the Cisco AnyConnect client (2.5.0.217) is received the following error message: Host Unreachable. However, if I enter my ASA's IP address in my browser, it prompts me to enter my username and passwords, downloads/updates the client and I cannot. Any idea what could be the issue? My ASA is running version 8.2(1) and ASDM version 6.2(1).
Thanks
08-10-2010 02:47 PM
Does your test client have a DNS server configured? Can you browse the Internet? Are you able to resolve the FQDN of your WebVPN to an IP?
08-10-2010 06:06 PM
Yes, my test client has a DNS server configured and I can browse the Internet. However, I only use my ASA's IP as I haven't registered my ASA in DNS. What I find strange and accidentally omitted from my original post is that, if I type my ASA's IP address in a browser (https://asa_ipaddress:4443) I get a login page prompting me to select a profile and enter a username and password, after which the client is downloaded and connected. However, if I simply launch the AnyConnect client and enter my ASA's IP address I receive the following error message: Connection attempt has failed:Host Unreachable.
08-10-2010 07:41 PM
Hello,
I guess the issue is with you enabling both ASDM and WebVPN on the outside
interface. Can you check to see if you have a "port 4443" in the
configuration?
webvpn
port 4443
If it is in there, then what you are seeing is normal. If you would like to
access WebVPN via port 443, then please remove the port command and change
the ASDM port to 4443.
http server enable 4443
Hope this helps.
Regards,
NT
08-11-2010 06:13 AM
Is that the best practice in this case? What does Cisco recommend?
08-11-2010 06:48 AM
If you are usinga non-standard SSL port, you will also need to specifiy the configured port when entering the IP address directly into the AnyConnect client. Without this, AnyConnect will try to connect on TCP 443 by default. You can also configure an AnyConnect XML profile to pre-position the hostname, IP address, and port so that your end users do not need to worry about it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide