The group policy we are currently using for AnyConnect is assigned to only use sslvpn client as the tunneling protocol. Whenever anyone connects directly from AnyConnect it shows them as a clientless session. Any ideas on this? Needing this fast if anyone can help.
I'm seeing the same issue with a client running ASA 8.2 code and the latest AnyConnect. Did you get any answers on this?
I was told I needed to upgrade for my AnyConnect Essentials license to work. So I upgraded to 8.2 last night, still not working, back to the TAC unless someone has any ideas?
After a call to the TAC again, I had to add this "no" statement to allow multiple SSL connections:
sh run | include sessiondb
Add a "no" to that, and now you will be allowed as many connections as your ASA can handle... I would give you the full command but I forgot it.
The AnyConnect Essentials license provides basic VPN connectivity using AnyConnect only. With this license installed, clientless WebVPN and CSD will no longer function. I am assuming the command you were instructed to use was:
By disabling the AnyConnect Essentials functionality, the ASA will revert to the previous license installed. If this is the default license, then SSL VPN will be restricted to 2 simultaneous connections.
Since upgrading to 8.2.1, are you still seeing the AnyConnect sessions showing under the clientless session count?
No, I did not disable anyconnect-essentials, I disabled the maximum SSL sessions. Yes, they still show up as clientless, but we can now run more than 2 sessions.
Here we go, I reviewed my TAC log.
Removed this command:
vpn-sessiondb max-webvpn-session-limit 2
I tried this but then my load balancing between the two ASAs does not work anymore. All users then connect to the backup ASA; the VPN % load remains 0 when I use this command.
When I enable the command the load balancing is restored.
Or is the problem that the SSL load is too small? So 1 % load is 50 users (5000 / 100 % = 50 users per 1 %). So I must have 50 users before I see any load? I am still testing, but not with 50 persons. I need to know this for sure.
I use the AnyConnect client Essentials license so I could use 5000 users on my 5550 (have two). The field in max-webvpn-session is set to 10 by default. I cannot increase the number. When I set it to 1, only one client can connect to one ASA. So the Essentials license is not working, I think.
Is this a bug?
OK, this is what I found for my two ASA 5550s with AnyConnect Essentials.
When I try to change the max number of SSL connections (default 10), ASDM says I must enter a number between 1 and 10.
When I push the command through the CLI:
vpn-sessiondb max-webvpn-session-limit 100
and then refresh, ASDM displays 100. The SSL load on the ASAs is then 1% for 1 client, and so this works.
I will now test with more than 20 users to see if I get over the 10 + 10 standard licenses of both the ASA 5550s.
Any solution or explanation for clientless sessions showing up while using AnyConnect?
I am using 8.3.2, and in my test environment the AnyConnect connections show up like this:
Group Policy: SSL_VPN_POLICY
Connection Profile: ....
Assigned IP Address x.x.x.x
Public IP Address: y.y.y.y
Protocol Encryption: Clientless SSL-Tunnel DTLS-Tunnel RC4 AES128