Can't connect to webvpn SSL gateway after a couple of minutes

peter_jevos
Level 1

Hi;

I've installed the SSL gateway with the AnyConnect client.

Everything is working fine, many times logged in and working, and after a few minutes the SSL gateway cannot be reached.

No error page, anything, just loading gateway page without result.

When I reinstall the entire webvpn it works again, and after about 30 minutes the same problem appears.

I did 5 successful attempts.

I'm using 2081 with 12.4(20)T2, no access lists on the gateway interface.

So it seems like ip http-secure doesn't respond.

Does anybody know?

thanks

pet

4 Replies

Roman Rodichev
Level 7

Do you have SSL VPN user licenses installed on your ASA? If not, ASA comes with 2 SSL user licenses. When you connect to SSL VPN using web browser, ASA tends to create a user session for the clientless connection and then another session for the anyconnect connection. Some of the older ASA code releases had a problem where clientless sessions would get stuck on ASA for a long time. If you only have 2 user licenses, you might be running out of licenses. What version of code are you running? You might see better results with 8.0(4) or 8.2(1).

Regards,

Roman

Thank you for your answer.

I'm not using ASA, but Cisco 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(20)T2.

So there should be 25 predefined user licences (according to Cisco requirements).

However there are no active connections now:

sh webvpn stats detail

User session statistics:

Active user sessions : 0 AAA pending reqs : 0

Peak user sessions : 2 Peak time : 02:14:47

Active user TCP conns : 0 Terminated user sessions : 5

Session alloc failures : 0 Authentication failures : 0

VPN session timeout : 0 VPN idle timeout : 0

User cleared VPN sessions: 1 Exceeded ctx user limit : 0

Exceeded total user limit: 0

Client process rcvd pkts : 885 Server process rcvd pkts : 0

Client process sent pkts : 14257 Server process sent pkts : 0

Client CEF received pkts : 6004 Server CEF received pkts : 0

Client CEF rcv punt pkts : 367 Server CEF rcv punt pkts : 0

Client CEF sent pkts : 0 Server CEF sent pkts : 0

Client CEF sent punt pkts: 0 Server CEF sent punt pkts: 0

SSLVPN appl bufs inuse : 0 SSLVPN eng bufs inuse : 0

Active server TCP conns : 0

But what is really funny is that no debug is appearing during the website access.

thanks

You are more than likely running into the following bug which was resolved in 12.4(20)T3. You can test the workaround by removing the http-redirect if configured. I would suggest that you upgrade the router to the suggested code.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx41624

Thank you, I removed the http-redirect and now it works.
