Cisco Support Community
Community Member

SSL VPN Problems configuring via CCA 2.2

I have configured the SSL VPN via CCA 2.2 and it does not seem to be working. Here is what I have done so far:

In CCA 2.2:

- Configure > Security > SSL VPN

- On the Advanced tab, I checked "Full Tunnel" and added IP address range

- Installed AnyConnect client package "anyconnect-win-2.4.0202-k9.pkg"

- Checked "Enable split tunneling" and added other networks

- The configuration was sent successfully to the router, but I received an error about the firewall not being recognized.

- Added entry to firewall to allow port 443 via the Public IP address of WAN interface.

Tried accessing via web browser remotely and received "Page cannot be displayed"; also tried accessing via AnyConnect Client remotely and was unable to connect.

After going back into SSL VPN in CCA (without making any changes in CLI), it told me that the configuration on the device was unrecognized and that to continue I had to delete the current SSL VPN config and re-create it. Even after recreating it, it still did not work.

Here is the configuration:

ip inspect name SDM_MEDIUM https

interface Loopback3
 ip address

interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address
 ip access-group 104 in
 ip nat outside
 ip inspect SDM_MEDIUM out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
 service-policy input sdmappfwp2p_SDM_MEDIUM
 service-policy output sdmappfwp2p_SDM_MEDIUM

interface Virtual-Template3 type serial
 ip unnumbered Loopback3
 ip nat inside
 ip virtual-reassembly

ip local pool SDM_WEBVPN_POOL_1

access-list 104 permit tcp any host eq 443

webvpn gateway SDM_WEBVPN_GATEWAY_1
 ip address port 443
 ssl trustpoint TP-self-signed-429721078

webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1

webvpn context SDM_WEBVPN_CONTEXT_1
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 policy group SDM_WEBVPN_POLICY_1
   functions svc-enabled
   svc address-pool "SDM_WEBVPN_POOL_1"
   svc split include
   svc split include
   svc split include
 virtual-template 3
 default-group-policy SDM_WEBVPN_POLICY_1
 aaa authentication list sdm_vpn_xauth_ml_1




Re: SSL VPN Problems configuring via CCA 2.2

If CCA doesn't recognize the firewall, it is likely the problem. You will probably have to delete the FW settings, the VPN settings, and then re-add them. Have you made changes to the FW outside of CCA? If so, you should look at the CCA out of band guide for this.

Community Member

Re: SSL VPN Problems configuring via CCA 2.2

This UC500 was configured quite a long time ago and before CCA was really used for all the configuration, where CLI was necessary for different features. Since there is a lot of customization and it's a production system, we currently do not want to rebuild the system to be "in-band" at this point. I have opened up SSL (port 443) on the existing firewall; are there other ports and/or protocols that need to be opened on the firewall? Can you please send me an example of a firewall configuration that has SSL VPN configured and working?
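An offline consistency check for an IOS SSL VPN configuration of the kind posted at the top of this thread, as an added example that is not part of any post and is not Cisco's code. It verifies that the inbound ACL on the interface owning the gateway address permits the gateway's TCP port, and that each `webvpn gateway` and `webvpn context` is `inservice` with the context bound to a defined gateway (standard IOS WebVPN requirements that the thread itself does not state). The function names, `SAMPLE`, and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample; 192.0.2.10 is a documentation placeholder address.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.0.2.10 255.255.255.0
 ip access-group 104 in
access-list 104 permit tcp any host 192.0.2.10 eq 443
webvpn gateway SDM_WEBVPN_GATEWAY_1
 ip address 192.0.2.10 port 443
 inservice
webvpn context SDM_WEBVPN_CONTEXT_1
 virtual-template 3
"""

def sections(cfg):
    """Map each top-level command to its indented sub-commands."""
    out, head = {}, ""
    for line in filter(str.strip, cfg.splitlines()):
        if line[0].isspace():
            out.setdefault(head, []).append(line.strip())
        else:
            head = line.strip()
            out[head] = []
    return out

def acl_permits(sec, addr, port):
    """False if the interface owning addr has an inbound numbered ACL with no permit."""
    rule = rf"permit tcp any (host {re.escape(addr)}|any) eq {port}"  # ignores deny order
    for body in sec.values():
        acl = [l.split()[2] for l in body if re.fullmatch(r"ip access-group \S+ in", l)]
        if any(l.startswith(f"ip address {addr} ") for l in body) and acl:
            return any(re.fullmatch(rf"access-list {re.escape(acl[0])} {rule}", h) for h in sec)
    return True

def check(cfg):
    """Return problems for each webvpn gateway/context in cfg (simplified model)."""
    sec, problems = sections(cfg), []
    for head, body in sec.items():
        w, text = head.split(), "\n".join(body)
        if w[:2] not in (["webvpn", "gateway"], ["webvpn", "context"]):
            continue
        if "inservice" not in body:
            problems.append(f"{w[1]} {w[2]}: missing inservice")
        m = re.search(r"^ip address (\S+) port (\d+)", text, re.M)
        if w[1] == "gateway" and m and not acl_permits(sec, *m.groups()):
            problems.append(f"gateway {w[2]}: inbound ACL lacks permit tcp/{m.group(2)}")
        g = re.search(r"^gateway (\S+)", text, re.M)
        if w[1] == "context" and not (g and f"webvpn gateway {g.group(1)}" in sec):
            problems.append(f"context {w[2]}: no defined gateway bound")
    return problems
```

Run `check()` on the text of `show running-config`; zone-based firewall policy, `ip inspect` rules and named ACLs are outside what this sketch models.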
