I have no idea what could be wrong. It was working before. I was doing some testing, removed the ssl and clientless ssl policy. Then I recreated them from scratch. But neither svc nor webvpn are working now.
I've made sure nobody is connected via ssl.
These are from the log and attached is the config.
4|Aug 16 2007|15:32:17|716007|||Group <DfltGrpPolicy> User <firstname.lastname@example.org> IP <188.8.131.52> WebVPN Unable to create session.
4|Aug 16 2007|15:32:17|716023|||Group <DfltGrpPolicy> User <email@example.com> IP <184.108.40.206> Session could not be established: session limit of 2 reached.
6|Aug 16 2007|15:32:17|734001|||DAP: User firstname.lastname@example.org, Addr 220.127.116.11, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
Apparently you're running into the same bug I am. I opened a case with TAC yesterday because I was having trouble getting AnyConnect to work. They said there's a bug in the 8.0(2) code if you have 2 webvpn licenses.
The TAC engineer told me it has been fixed and will be included in the upcoming release to 8.0(3). They were supposed to have sent me beta code to test with yesterday, but I never received it. I also asked what the ETA was for the next release and was told they didn't have one yet.
Kinda sucks - I'd really like to test out AnyConnect and make sure it works before I start configuring it for our clients.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...