Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AnyConnect VPN on Cisco IOS router problem

Hi all,

I am using a Cisco 871 IOS router with IOS software release 12.4(20)T (Adv.Security) and the following configuration for SSL VPN access.

aaa new-model

!

aaa authentication login VPNCLIENT local

aaa authorization network VPNGROUP local

crypto pki trustpoint TP-self-signed-1188774920

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1188774920

revocation-check none

rsakeypair TP-self-signed-1188774920

!

username remote privilege 0 secret xxx

!

!

interface FastEthernet4

ip address 192.168.32.125 255.255.255.240

!

interface Loopback10

ip address 192.168.32.142 255.255.255.240

!

ip local pool VPN-1 192.168.32.129 192.168.32.138

!

webvpn gateway webvpngw-1

ip address 192.168.32.125 port 443

ssl trustpoint TP-self-signed-1188774920

logging enable

inservice

!

webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

!

webvpn context webvpncontext-1

ssl authenticate verify all

!

policy group webvpngroup-1

functions svc-enabled

timeout idle 3600

svc address-pool "VPN-1"

svc default-domain "home.loc"

svc keep-client-installed

svc dpd-interval gateway 30

svc rekey method new-tunnel

svc split include 192.168.32.0 255.255.255.128

svc split include 192.168.32.181 255.255.255.255

svc dns-server primary 192.168.32.109

default-group-policy webvpngroup-1

aaa authentication list VPNCLIENT

aaa authorization list VPNGROUP

gateway webvpngw-1

max-users 10

user-profile location flash:webvpn/webvpncontext-1/

logging enable

inservice

!

On the client side im using AnyConnect VPN Client version 2.2.0.133.

When I connect to the specified IP address (192.168.32.125) I've been asked for username and password. After successfull username/password

verfification I got the error message:

"An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator."

For troubleshooting I turned on the following debug commands.

debug webvpn tunnel

debug webvpn verbose

debug webvpn aaa

debug webvpn cookie

debug webvpn package

debug webvpn entry webvpncontext-1

You can find the output in the attachement

When the connection is closed - the debug shows the following message:

008305: Jul 18 11:35:21.940 CEST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: webvpncontext-1 vw_gw: webvpngw-1 i_vrf: 0 f_vrf: 0 status: SSL/TLS connection

error with remote at 192.168.32.2:1823

If you have any idea, pleas let me know!

Many thanks!!!

Best regards

Peter

1 REPLY
Silver

Re: AnyConnect VPN on Cisco IOS router problem

1. Uninstalled and re-installed the webvpn package and the anyconnect package.

2. Assign the different pool for both ipsec and anyconnect clients.

1034
Views
0
Helpful
1
Replies