D/L AnyConnect-win-3.0 from 5505 ASA / Web deployment

Unanswered Question
Feb 1st, 2012
User Badges:

Hi Folks,

The Specs,

Win 7

ASA 5505


Attempting Web Deployment

I'm working with the ASA and a directly connected laptop running Win 7 and I'm trying to configure the AnyConnect client to download and install. I have used these before, just never with webVPN.  I'm using local authentication on the ASA. When I point IE9 to the ASA I get the login prompt and the option to select from which group. Here's where the problem starts....

When I go to the VPN webpage and login with a known good username and password nothing happens. It just brings me right back to the login screen. No errors appear. When I run "show vpn-sessiondb" on the ASA it does show that there is a session. ( I have the default 2 max connections). But I never get the ActiveX to start the d/l. of the client. Every seond time I attempt this I have to go into the asa and disconnect the 2 sessions.

My users have full 15 permissions and I have gone through the connection wizard a few times. I have also worked through the Cisco Guide located here --> http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac02asaconfig.html

Any thoughts ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jcarbonette Wed, 02/01/2012 - 08:12
User Badges:

So as it turns out, This setup work ok on Win XP. I tested this with another XP laptop. I was able to connect and d/l the client through ActiveX.

Now my issue is that when I run the wizard and un-check the SSL protocol, leaving only IPSEC I get an error saying

"The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: CSTP is not enabled".

I have googled CSTP and cannot find anything on this? Anyone guide me in the right direction?


thomasdupont Thu, 05/17/2012 - 09:01
User Badges:

I am having the exact same issue. Did you ever find any additional information regarding this problem?

COR WEIJ Fri, 09/27/2013 - 02:33
User Badges:

I resolved it now for us.

In the Server list entry in the ANY connect client profile the Host Address was filled in with an IP number.

I changed that to the FQDN and as of that moment the connection succeeds.

COR WEIJ Fri, 09/27/2013 - 01:55
User Badges:

I have the same problem. I can't find any inormation about this error. The only thing I found is that CSTP is a proprietary Cisco protocol. But ther isn't any solution mentioned. I'm searching for it more than a week now.

Does anybody have a solution, please !!!


This Discussion

Related Content