Clientless VPN Connection

pastortscog1 · ‎11-12-2014

ASA version: 8.2(1), ASDM version: 6.2(1), Device Type ASA 5540

I use the Wizard to create a clientless VPN. When I try to access VPN, it will not display a logon banner. I get page can not be displayed.

webvpn
enable OUTSIDE
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
url-list value LSWMDD
group-policy SABVPN internal
group-policy SABVPN attributes
banner none
vpn-tunnel-protocol webvpn
group-policy DLADAPS internal
group-policy DLADAPS attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DLADAPS
default-domain value nanw.ds.army.mil
group-policy AIRFORCEVPN internal
group-policy AIRFORCEVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AIRFORCEVPN_splitTunnelAcl
default-domain value nanw.ds.army.mil
group-policy DOLWMDDVPN internal
group-policy DOLWMDDVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DOLWMDDVPNCLIENT_splitTunnelAcl
default-domain value nanw.ds.army.mil
webvpn
url-list none
username John.M password cQan8plLN9eaLZU. encrypted privilege 5
username John.M attributes
vpn-group-policy DLADAPS
service-type admin
username AIRFORCEVPN password 25ypW8Yr10fxCJSa encrypted privilege 5
username AIRFORCEVPN attributes
vpn-group-policy AIRFORCEVPN
username John.Doe password LCiP9VY.Q4v4nCb6 encrypted privilege 15
tunnel-group DOLWMDDVPN type remote-access
tunnel-group DOLWMDDVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DOLWMDDVPN
tunnel-group DOLWMDDVPN ipsec-attributes
pre-shared-key *
tunnel-group DLADAPS type remote-access
tunnel-group DLADAPS general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DLADAPS
tunnel-group DLADAPS ipsec-attributes
pre-shared-key *
tunnel-group AIRFORCEVPN type remote-access
tunnel-group AIRFORCEVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy AIRFORCEVPN
tunnel-group AIRFORCEVPN ipsec-attributes
pre-shared-key *
tunnel-group 131.78.30.200 type ipsec-l2l
tunnel-group 131.78.30.200 ipsec-attributes
pre-shared-key *
tunnel-group SABVPN type remote-access
tunnel-group SABVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy SABVPN
tunnel-group SABVPN webvpn-attributes
group-alias SABVPN enable
group-url https://140.153.60.170/SABVPN enable
!

David Johan Castro Fernandez · ‎11-14-2014

Hello,

I see that the public IP address you are using is not accessible from the outside at all, make sure that you are using the default port for this --> 443, also just to isolate this, enable the access of the clientless from your inside interface and try to access it by the inside IP address on your inside network:

webvpn
enable inside

Try to open the clientless, it that opens it seems that you are having issues with the port on that case, either ways we can take a capture from the Outside IP address to the public IP address of the outside computer:

capture CAP interface outside match tcp host <Outside_IP_ASA> host <Public_IP_COMPUTER>

Let me know how it works out,

Don't Forget to rate and mark as correct the helpful Post!

David Castro,

Regards,