cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1099
Views
0
Helpful
8
Replies

WEBVPN always connect by anyconnect

FPENTEADO
Level 1
Level 1

Hi

I'm settin up the WebVPN/SSL connection on ASA 5520. The anyconnect and IPSec is working fine. BUt when u try to connect by webvpn, My connecion always connecteb by sslanyconnect.

I set on group police this line

svc ask enable default webvpn timeout 10

But eve if the "web" doesn't show the question for me and connect automatically by ssl anyconnect..

My ios is asa832-k8.bin and anynnoect client is anyconnect-win-2.5.0217-k9.pkg

Somebody can help me ?

Thanks

8 Replies 8

Jennifer Halim
Cisco Employee
Cisco Employee

What license do you have for the SSL VPN? Can you please share the output of "show version"?

This is my show version

Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.3(4)

Compiled on Fri 30-Jul-10 17:49 by builders
System image file is "disk0:/asa832-k8.bin"
Config file at boot was "startup-config"

gfispo01 up 3 days 15 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
0: Ext: GigabitEthernet0/0  : address is 68ef.bdb1.4e12, irq 9
1: Ext: GigabitEthernet0/1  : address is 68ef.bdb1.4e13, irq 9
2: Ext: GigabitEthernet0/2  : address is 68ef.bdb1.4e14, irq 9
3: Ext: GigabitEthernet0/3  : address is 68ef.bdb1.4e15, irq 9
4: Ext: Management0/0       : address is 68ef.bdb1.4e11, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 150            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 10             perpetual
Total VPN Peers                : 750            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Enabled        perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1421L46T
Running Permanent Activation Key: 0x4d0ac668 0x90d52bc7 0xc1a2fd98 0xcb10d0e4 0x4d0df39c
Configuration register is 0x1
Configuration last modified by enable_15 at 20:05:20.525 BRST Fri Sep 17 2010

How you can see, my licenses are ok

SSL VPN Peers                  : 10             perpetual

I don't know what more i have to do

peter.ferl
Level 1
Level 1

Look at this line from your show version output:

AnyConnect Essentials          : Enabled        perpetual

So I'll have to disable this license ? I wanna use the three options, ipsec, ssl and webvpn

peter.ferl
Level 1
Level 1

IF you want to have a clientless "Portal", yes.

I again

Even if i disable this license, is it possible connect by anyconnect if I want ?

Many thanks ?

Issue the sh vpn-sessiondb summary command.

you may see a license information, which differs from your SSL-VPN peers in the show version.

If you "disable" the anyconnect essential you will fall back to the amount of users shown in the show version for SSL-VPN peers.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: