×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco ASA 8.2 - anyconnect-essentials

Answered Question
Nov 16th, 2013
User Badges:

Experts


I need to enable the command anyconnect-essentials in my webvpn configuration.


When I do show run webvpn  I see:

no anyconnect-essentials.


If I go to webvpn:

(config-webvpn)anyconnect-essentials  ( then hit enter)  I get this error message:


Clientless sessions currently active:3

After all clientless sessions are disconnected, manually enable Anyconnect Essentials using ASDM or "anyconnect-essentials" CLI under webvpn mode.


For some Reason JAVA is screwed up and I can't run ASDM. 



How Do I disconnect the Clientless sessions via CLI in order to add the command

"anyconnect-essentials"


Thanks for your help!!

Correct Answer by Marcin Latosiewicz about 3 years 9 months ago
vpn-sessiondb logoff ....
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Ranbeckycr_2 Sat, 11/16/2013 - 06:53
User Badges:

Marcin,


Thanks for the quick response.

Question, will this only disconnect the Clientless sessions or will it also affect the other SA's?


If I run a show cry isa sa ---> It shows    Active SA:  57


I need to know if these 57 VPN tunnels will be affected.   :-)


Thanks again!!

Dinesh Moudgil Sat, 11/16/2013 - 07:26
User Badges:
  • Cisco Employee,

vpn-sessiondb logoff

To log off all or selected VPN sessions, use the vpn-sessiondb logoff command in global configuration mode.

vpn-sessiondb logoff {remote | l2l | webvpn | email-proxy | protocol protocol-name | name username | ipaddressIPaddr | tunnel-group groupname | index indexnumber | all}



Richard Burts Sat, 11/16/2013 - 08:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

I am somewhat puzzled. When you look for show cry isa sa  you are looking for ISAKMP but this is used for IPSec. I would expect the clientless and the AnyConnect sessions to be SSL based and not IPSec ISAKMP based.


I would also ask whether you already have installed the AnyConnect Essentials license on this ASA.


HTH


Rick

Marcin Latosiewicz Sat, 11/16/2013 - 08:47
User Badges:
  • Cisco Employee,

Hehe, good point, although this might be AC IKEv2 tunnels :-)


@Randall yes, you're probably looking for clearing your SSL connections as Rick mentions.

Richard Burts Sat, 11/16/2013 - 08:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

I sort of wondered about that until I remembered that the title of the thread says that the ASA is running 8.2 code.


HTH


Rick

Ranbeckycr_2 Sat, 11/16/2013 - 10:26
User Badges:

Thanks a bunch for the help, @Richard: Anyconnect license is already installed because it was previously working. I noticed that configuration change today after the reboot. I didn´t know if the SA and Clientless where related, but I know understand that they are 2 separte things completely.


*- Just to clarify, if I run the vpn-sessiondb logoff it will knock out all the clientless sessions.


So step 1:  Run vpn-sessiondb logoff

Step 2:Run in (config-webvpn)anyconnect-essentials



Sounds about right?


Once again, thanks

Actions

This Discussion