11-12-2014 06:31 AM - edited 07-05-2021 01:55 AM
ASA version: 8.2(1), ASDM version: 6.2(1), Device Type ASA 5540
I use the Wizard to create a clientless VPN. When I try to access VPN, it will not display a logon banner. I get page can not be displayed.
webvpn
enable OUTSIDE
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
url-list value LSWMDD
group-policy SABVPN internal
group-policy SABVPN attributes
banner none
vpn-tunnel-protocol webvpn
group-policy DLADAPS internal
group-policy DLADAPS attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DLADAPS
default-domain value nanw.ds.army.mil
group-policy AIRFORCEVPN internal
group-policy AIRFORCEVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AIRFORCEVPN_splitTunnelAcl
default-domain value nanw.ds.army.mil
group-policy DOLWMDDVPN internal
group-policy DOLWMDDVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DOLWMDDVPNCLIENT_splitTunnelAcl
default-domain value nanw.ds.army.mil
webvpn
url-list none
username John.M password cQan8plLN9eaLZU. encrypted privilege 5
username John.M attributes
vpn-group-policy DLADAPS
service-type admin
username AIRFORCEVPN password 25ypW8Yr10fxCJSa encrypted privilege 5
username AIRFORCEVPN attributes
vpn-group-policy AIRFORCEVPN
username John.Doe password LCiP9VY.Q4v4nCb6 encrypted privilege 15
tunnel-group DOLWMDDVPN type remote-access
tunnel-group DOLWMDDVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DOLWMDDVPN
tunnel-group DOLWMDDVPN ipsec-attributes
pre-shared-key *
tunnel-group DLADAPS type remote-access
tunnel-group DLADAPS general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DLADAPS
tunnel-group DLADAPS ipsec-attributes
pre-shared-key *
tunnel-group AIRFORCEVPN type remote-access
tunnel-group AIRFORCEVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy AIRFORCEVPN
tunnel-group AIRFORCEVPN ipsec-attributes
pre-shared-key *
tunnel-group 131.78.30.200 type ipsec-l2l
tunnel-group 131.78.30.200 ipsec-attributes
pre-shared-key *
tunnel-group SABVPN type remote-access
tunnel-group SABVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy SABVPN
tunnel-group SABVPN webvpn-attributes
group-alias SABVPN enable
group-url https://140.153.60.170/SABVPN enable
!
11-14-2014 03:31 PM
Hello,
I see that the public IP address you are using is not accessible from the outside at all, make sure that you are using the default port for this --> 443, also just to isolate this, enable the access of the clientless from your inside interface and try to access it by the inside IP address on your inside network:
webvpn
enable inside
Try to open the clientless, it that opens it seems that you are having issues with the port on that case, either ways we can take a capture from the Outside IP address to the public IP address of the outside computer:
capture CAP interface outside match tcp host <Outside_IP_ASA> host <Public_IP_COMPUTER>
Let me know how it works out,
Don't Forget to rate and mark as correct the helpful Post!
David Castro,
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide