WEBVPN always connect by anyconnect

Unanswered Question
Sep 17th, 2010
User Badges:

Hi


I'm settin up the WebVPN/SSL connection on ASA 5520. The anyconnect and IPSec is working fine. BUt when u try to connect by webvpn, My connecion always connecteb by sslanyconnect.


I set on group police this line


svc ask enable default webvpn timeout 10


But eve if the "web" doesn't show the question for me and connect automatically by ssl anyconnect..



My ios is asa832-k8.bin and anynnoect client is anyconnect-win-2.5.0217-k9.pkg



Somebody can help me ?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Fri, 09/17/2010 - 17:45
User Badges:
  • Cisco Employee,

What license do you have for the SSL VPN? Can you please share the output of "show version"?

FPENTEADO Mon, 09/20/2010 - 06:24
User Badges:

This is my show version



Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.3(4)


Compiled on Fri 30-Jul-10 17:49 by builders
System image file is "disk0:/asa832-k8.bin"
Config file at boot was "startup-config"


gfispo01 up 3 days 15 hours


Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB


Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
0: Ext: GigabitEthernet0/0  : address is 68ef.bdb1.4e12, irq 9
1: Ext: GigabitEthernet0/1  : address is 68ef.bdb1.4e13, irq 9
2: Ext: GigabitEthernet0/2  : address is 68ef.bdb1.4e14, irq 9
3: Ext: GigabitEthernet0/3  : address is 68ef.bdb1.4e15, irq 9
4: Ext: Management0/0       : address is 68ef.bdb1.4e11, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5


Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 150            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 10             perpetual
Total VPN Peers                : 750            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Enabled        perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual


This platform has an ASA 5520 VPN Plus license.


Serial Number: JMX1421L46T
Running Permanent Activation Key: 0x4d0ac668 0x90d52bc7 0xc1a2fd98 0xcb10d0e4 0x4d0df39c
Configuration register is 0x1
Configuration last modified by enable_15 at 20:05:20.525 BRST Fri Sep 17 2010

FPENTEADO Mon, 09/20/2010 - 07:33
User Badges:

How you can see, my licenses are ok


SSL VPN Peers                  : 10             perpetual


I don't know what more i have to do

peter.ferl Mon, 09/20/2010 - 07:58
User Badges:

Look at this line from your show version output:


AnyConnect Essentials          : Enabled        perpetual

FPENTEADO Mon, 09/20/2010 - 08:00
User Badges:

So I'll have to disable this license ? I wanna use the three options, ipsec, ssl and webvpn

FPENTEADO Mon, 09/20/2010 - 08:13
User Badges:

I again


Even if i disable this license, is it possible connect by anyconnect if I want ?


Many thanks ?

peter.ferl Tue, 09/21/2010 - 04:21
User Badges:

Issue the sh vpn-sessiondb summary command.

you may see a license information, which differs from your SSL-VPN peers in the show version.


If you "disable" the anyconnect essential you will fall back to the amount of users shown in the show version for SSL-VPN peers.

Actions

This Discussion