Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
9
Helpful
3
Replies

Anyconnect client can't connect to ASA

ivanka_busta
Level 1
Level 1

‎10-11-2013 04:25 AM - edited ‎02-21-2020 07:13 PM

Hi,

I need to connect to my enterprise VPN from a tablet running Windows 8.

Until now we have been using VPN clients 5.0.05.0290 on Windows XP and 7 workstations to make VPN connections and everything works well. As the tablet uses Windows 8 I installed the Cisco AnyConnect Client 3.1.04066 but when I open it and type the public IP of the ASA I can't connect to it

I have been reading about it but I'm not sure if I need to change the ASA configuration to allow access from clients using AnyConnect or the present configuration which works perfect with clients using VPN 5.X is enough for the AnyConnect to work.

Do I need a new license to use AnyConnect clients?

Is it possible to have both clients using VPN 5.X and Anyconnect connecting to the ASA?

I add here the output of sh ver in the ASA firewall. Find also enclosed some screenshots of the ASDM.

In screenshot1 I tried enabling the Enable Cisco Anyconnect... in interface outside but the VPN didn't work so I left it as it was in my original configuration (that is how it is in screenshot1)

Thanks in advanced.

show ver

Cisco Adaptive Security Appliance Software Version 8.0(2)

Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders

System image file is "disk0:/asa802-k8.bin"

Config file at boot was "startup-config"

H-4506 up 78 days 19 hours

failover cluster up 78 days 20 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0  : address is 001d.4524.c420, irq 9

1: Ext: GigabitEthernet0/1  : address is 001d.4524.c421, irq 9

2: Ext: GigabitEthernet0/2  : address is 001d.4524.c422, irq 9

3: Ext: GigabitEthernet0/3  : address is 001d.4524.c423, irq 9

4: Ext: Management0/0       : address is 001d.4524.c41f, irq 11

5: Int: Not used            : irq 11

6: Int: Not used            : irq 5

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited

Maximum VLANs                : 150      

Inside Hosts                 : Unlimited

Failover                     : Active/Active

VPN-DES                      : Enabled  

VPN-3DES-AES                 : Enabled  

Security Contexts            : 2        

GTP/GPRS                     : Disabled 

VPN Peers                    : 750      

WebVPN Peers                 : 2        

Advanced Endpoint Assessment : Disabled 

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1151L2JN

Running Activation Key: 0x2b18475c 0x9cd6f626 0xe4f33978 0x8a3c7874 0x470bbfa8

Configuration register is 0x1

Configuration last modified by enable_15 at 10:40:46.933 CEDT Fri Oct 11 2013


Labels:
Preview file
63 KB
Preview file
77 KB
Preview file
65 KB
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-11-2013 07:31 AM

Mobile remote access VPN clients (iOS, Android etc.) require the Anyconnect for Mobile license. In your case, the part number would be L-ASA-AC-M-5520=.

However, please be advised the Anyconnect for Mobile has a prerequisite of ASA software at least 8.0(3). you 8.0(2) will not support that license. If you have smartnet support, I would advise upgrading to at least 8.2(5). That the latest release that doesn't require a memory upgrade or change the syntax (NAT etc.).

ivanka_busta
Level 1
Level 1
In response to Marvin Rhoads

‎10-14-2013 02:06 AM

Thanks a lot for your help.

I only have one Windows 8 device with AnyConnect. I don't have IOS or Android devices. Is Anyconnect Mobile the only license I need? Do I also need Anyconnect Essentials?

I read in http://www.cisco.com/en/US/partner/docs/security/asa/asa82/license/license82.html#wp197165 that:

By default, the security appliance includes an AnyConnect Premium license for 2 sessions. This would be enough for me as I only need access for one Windows 8 tablet.

Is this license available in my case? I can't see it in the show ver command.

Thanks.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ivanka_busta

‎10-14-2013 07:43 AM

You won't see it on your 8.0(2) system because they have changed the packaging to introduce the licensing you are asking about later on.

Once you get your system onto 8.2 you will see the default two AnyConnect Premium licenses. The only way it would not be available would be if you were to install and activate AnyConnect Essentials licenses (because you must choose from either Essentials or Premium).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents