×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

AnyConnect Secure Mobility Client - using incorrect profile

Unanswered Question
May 29th, 2014
User Badges:

Hello,

I am working on a test configuration on an ASA 5545 with a single configured Connection Profile "VPN" (and the two default DefaultRAGroup and DefaultWEBVPNGroup)

"VPN" Connection Profile is the only one enabled for SSL.  The other two are not enabled.

"VPN" uses RSA, so the authentication dialog says "Passcode" instead of "Password".

If I set "Allow user to select connection profile on the login page", the correct Connection Profile is displayed in the list an there is no alternative in the list.  When I select Connect I am prompted for Username and Passcode as expected.  This works.

If I do not set "Allow user to select connection profile on the login page" the client does not display a list.  This is our desired config.  When you select Connect, you are prompted for Username and Password, not Passcode.  Authentication fails with password and passcode. 

So even though I only have one Connection Profile, it doesn't appear to use it unless I display it in the client.

The behavior is the same with the client or going to the web page.

Any idea how I can force "VPN" Connection Profile as the default and not display it to the end-users?

Thanks!

-------------------------------------------------------------------------------------------------------------------------------------------------------

Not sure if this helps, but a debug just logs the same thing repeatedly when it is failing:

WebVPN: unable to find webvpn session.
webvpn_session.c:http_webvpn_find_session[175]
WebVPN: unable to find webvpn session.
webvpn_file_encoding.c:webvpn_get_file_encoding_db_first[68]
webvpn_db.c:webvpn_get_server_db_first[161]

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tim-marvin Thu, 05/29/2014 - 16:19
User Badges:

Found that I was just missing a "Group URL".

Under AnyConnect Connection Profiles - Edit "VPN" profile - Advanced - Group Alias/Group URL - added a URL corresponding with the Alias and my FQDN and enabled it.

Look like CLI is simply "group-url https://<enter your FQDN here> enable"

 

Actions

This Discussion