02-08-2014 07:45 PM - edited 02-21-2020 07:29 PM
Hi,
I just configured AnyConnect on my firewall and I am getting an error that has had me stumped for the last 2 days. I am running version 8.2.5 on my ASA 5520. I am getting the following error when I try to connect to the ASA SSL VPN from the web browser:
"Login denied, unauthorized connection mechanism, contact your administrator."
and I am getting the following error if I try to connect to the ASA from a previously installed AnyConnect client:
"Anyconnect not enabled on the device"
I am getting the following error with "Debug webvpn sessions":
webvpn_create_session: 0x00036000 (54)
webvpn_destroy_session: 0x00036000 (54) -> Client type not supported
webvpn_destroy_session: SESS_Mgmt_FreeSession(0x00036000) (54)
webvpn_session_free: 0x00036000 (54)
My WebVPN configuration is correct (mentioned below) and I am still using the 2 trial licenses that come by default with the ASA.
Configuration:
asa5520# sh run webvpn
webvpn
 enable Backup
 enable Outside
 svc image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 1
 svc image disk0:/anyconnect-win-3.1.05152-k9.pkg 2
 svc image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3
 svc image disk0:/anyconnect-linux-3.1.05152-k9.pkg 4
 svc enable
 tunnel-group-list enable
 auto-signon allow ip 10.10.10.201 255.255.255.255 auth-type all
 auto-signon allow ip 10.10.9.10 255.255.255.255 auth-type all
asa5520#
group-policy SSL-IT internal
group-policy SSL-IT attributes
 dns-server value 10.10.9.101 10.10.9.100
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSL_SPLITACL
 default-domain value XXXXX.com
 split-dns value XXXXXX.com XXXXXX.com
tunnel-group SSL-IT type remote-access
tunnel-group SSL-IT general-attributes
 address-pool SSLVPN_IT_Pool
 authentication-server-group WindowsIAS
 default-group-policy SSL-IT
tunnel-group SSL-IT webvpn-attributes
 nbns-server SRV01_Private master timeout 2 retry 2
 group-alias XXXX-IT enable
 group-url https://sslvpn.XXXXXXX.com/it enable
If it matters, AnyConnect was working fine during testing, but when we added new group policies, it started giving this error. I have also rebooted the firewall just in case but am still getting the same error.
Please, if anyone has seen this issue before, it would be helpful to guide me in the right direction.
Thank you
Manish
02-26-2014 11:00 AM
This is resolved. The issue was with the Windows IAS server configuration. After redoing the RADIUS configuration on the server, AnyConnect started to work properly.
Thanks
Manish
02-26-2014 02:51 PM
Thanks for providing us with your resolution. I upvoted your post to make the solution more visible to future folks with the same issue.
05-29-2015 02:53 PM
What was the solution? I'm currently having the same issues at the moment.