In the profile I have specified a hostname for my headend ASA (a single 5540 with 1000 SSL premium, one full client profile, very straightforward config).
When the AnyConnect client runs up and gives me the 'Connect To' list, the hostname appears there as expected. However, if I click 'Select' I get an error 'Invalid host entry, Please re-enter'.
If I then click in the box, delete the string as given in the list and type in the IP address of that hostname and click Select, it works!
I tried changing the profile to specify the IP address, same result. Fails if I just click Select but works if I delete the IP address (which worked in the test above) and retype hostname as was originally in the list, into the Connect To box!
Once it is working I can disconnect and reconnect as normal with the manually entered hostname or IP but not the profile-populated versions. Of course, as soon as I shut the client down and reload it, I'm back to square one.
I have tried a few different combinations and it seems that whatever entry was populated in the list by the profile will never work; I have to manually type in either the IP or the hostname (the opposite of the profile entry) to get it working.
Anyone seen this behaviour and can suggest a fix/workaround? I'm at a loss with this one!
It is definitely strange. When I import your profile into my ASA configuration, it reverts all of the fields to their defaults. Although the context of the profile looks ok, I am wondering if the schema is being validated correctly. If I make changes to the profile once loaded, the changes are saved as I would expect to see. What I would do is either build the profile from scratch using either the .tmpl file that gets installed with AnyConnect or utilize the profile GUI in ASDM 6.3. To access the profile directory in Windows XP, you can follow the path below. Delete any existing XML files and use the AnyConnectProfile.tmpl file as your baseline. This template will change with each new AnyConnect revision as features are added or modified.
C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile
I have also found that if I make changes to the profile manually, it works, even though the file doesn't appear to look any different, although I still have to type the opposite of what was there already, i.e. type in the IP if the hostname was there originally.
I did try both the GUI in ASDM 6.3 and the standalone Java version and both made no difference. It seems that if I manually edit the file in the way above, then it works.
I have found a workaround which may help you guys with more knowledge than me pin this down: if I use either GUI to build the profile but then omit the GROUP entry from the host portion of the profile, it works every time.