Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Anyconnect client can't connect to ASA


I need to connect to my enterprise VPN from a tablet running Windows 8.

Until now we have been using VPN clients on Windows XP and 7 workstations to make VPN connections and everything works well. As the tablet uses Windows 8 I installed the Cisco AnyConnect Client 3.1.04066 but when I open it and type the public IP of the ASA I can't connect to it

I have been reading about it but I'm not sure if I need to change the ASA configuration to allow access from clients using AnyConnect or the present configuration which works perfect with clients using VPN 5.X is enough for the AnyConnect to work.

Do I need a new license to use AnyConnect clients?

Is it possible to have both clients using VPN 5.X and Anyconnect connecting to the ASA?

I add here the output of sh ver in the ASA firewall. Find also enclosed some screenshots of the ASDM.

In screenshot1 I tried enabling the Enable Cisco Anyconnect... in interface outside but the VPN didn't work so I left it as it was in my original configuration (that is how it is in screenshot1)

Thanks in advanced.

show ver

Cisco Adaptive Security Appliance Software Version 8.0(2)

Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders

System image file is "disk0:/asa802-k8.bin"

Config file at boot was "startup-config"

H-4506 up 78 days 19 hours

failover cluster up 78 days 20 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0  : address is 001d.4524.c420, irq 9

1: Ext: GigabitEthernet0/1  : address is 001d.4524.c421, irq 9

2: Ext: GigabitEthernet0/2  : address is 001d.4524.c422, irq 9

3: Ext: GigabitEthernet0/3  : address is 001d.4524.c423, irq 9

4: Ext: Management0/0       : address is 001d.4524.c41f, irq 11

5: Int: Not used            : irq 11

6: Int: Not used            : irq 5

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited

Maximum VLANs                : 150      

Inside Hosts                 : Unlimited

Failover                     : Active/Active

VPN-DES                      : Enabled  

VPN-3DES-AES                 : Enabled  

Security Contexts            : 2        

GTP/GPRS                     : Disabled 

VPN Peers                    : 750      

WebVPN Peers                 : 2        

Advanced Endpoint Assessment : Disabled 

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1151L2JN

Running Activation Key: 0x2b18475c 0x9cd6f626 0xe4f33978 0x8a3c7874 0x470bbfa8

Configuration register is 0x1

Configuration last modified by enable_15 at 10:40:46.933 CEDT Fri Oct 11 2013

Hall of Fame Super Silver

Anyconnect client can't connect to ASA

Mobile remote access VPN clients (iOS, Android etc.) require the Anyconnect for Mobile license. In your case, the part number would be L-ASA-AC-M-5520=.

However, please be advised the Anyconnect for Mobile has a prerequisite of ASA software at least 8.0(3). you 8.0(2) will not support that license. If you have smartnet support, I would advise upgrading to at least 8.2(5). That the latest release that doesn't require a memory upgrade or change the syntax (NAT etc.).

New Member

Re: Anyconnect client can't connect to ASA

Thanks a lot for your help.

I only have one Windows 8 device with AnyConnect. I don't have IOS or Android devices. Is Anyconnect Mobile the only license I need? Do I also need Anyconnect Essentials?

I read in that:

By default, the security appliance includes an AnyConnect Premium license for 2 sessions. This would be enough for me as I only need access for one Windows 8 tablet.

Is this license available in my case? I can't see it in the show ver command.


Hall of Fame Super Silver

Re: Anyconnect client can't connect to ASA

You won't see it on your 8.0(2) system because they have changed the packaging to introduce the licensing you are asking about later on.

Once you get your system onto 8.2 you will see the default two AnyConnect Premium licenses. The only way it would not be available would be if you were to install and activate AnyConnect Essentials licenses (because you must choose from either Essentials or Premium).