Cisco Support Community

anyconnect not working

I want to be able to connect to the ASA via the portal page from any internet location, automatically use AnyConnect (no user choice), and have all networks tunneled (access to both the internal 192.168.5.x LAN as well as that site's internet connection). When I log in, it starts downloading AnyConnect, then I receive a 'can't connect to network' error and it terminates. It used to work, but I guess the config was not saved and after a reboot it now doesn't work (yeah, I'm kicking myself for that). Not sure where to look, I think I have been staring at it too long.

ASA Version 8.2(2)

hostname lenny

enable password [DELETED]
passwd [DELETED]

interface Vlan1
 nameif inside
 security-level 100
 ip address

interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute

interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address

interface Ethernet0/0
 description wan
 switchport access vlan 2

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4

interface Ethernet0/5

interface Ethernet0/6

interface Ethernet0/7
 switchport access vlan 3

banner exec Unauthorized access strictly prohibited
banner login Unauthorized Access Prohibited
banner motd Unauthorized Access Prohibited
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS

object-group service [DELETED]
 port-object eq [DELETED]
object-group service [DELETED] udp
 description [DELETED]
 port-object eq [DELETED]
access-list in_nat0_out extended permit ip any
access-list outside_access_in remark [DELETED]
access-list outside_access_in extended permit tcp any any eq [DELETED]
access-list outside_access_in extended permit udp any any eq [DELETED]
access-list lan remark all lan
access-list lan standard permit
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool anyvpn_pool mask
ip local pool anyvpnpool2 mask
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list in_nat0_out
nat (inside) 1
static (inside,outside) tcp interface [DELETED] [DELETED] netmask
static (inside,outside) udp interface [DELETED] [DELETED] netmask
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http [DELETED] outside
http inside
http [DELETED] outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
telnet inside
telnet timeout 5
ssh inside
ssh timeout 10
ssh version 2
console timeout 5
dhcpd auto_config outside

dhcpd address inside
dhcpd dns interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside

threat-detection basic-threat
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept

enable inside
enable outside
csd image disk0:/securedesktop-asa-
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 5
 vpn-idle-timeout 20
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 ip-comp enable
 split-tunnel-network-list value lan
 intercept-dhcp enable

  url-list value default
  svc ask none default svc
  hidden-shares visible
username [DELETED] password [DELETED]== nt-encrypted
username [DELETED] attributes
 service-type remote-access
username [DELETED] password [DELETED]== nt-encrypted
username [DELETED] attributes
 service-type remote-access
 service-type remote-access
username [DELETED] password [DELETED] encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool anyvpn_pool
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool anyvpn_pool
 address-pool anyvpnpool2
tunnel-group Portal type remote-access
tunnel-group Portal general-attributes
 address-pool anyvpn_pool

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map

  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options

service-policy global_policy global
prompt hostname context

: end



Re: anyconnect not working

What does the ASA log show? If you use ASDM->Monitoring->logging->Debug level, it usually prints messages when the client fails to connect.
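
One way to triage the log the reply asks for, once it has been saved to a text file (an added example, not part of the original thread): it keeps only the VPN-related messages that mention one client address and returns the first one at warning level or worse. The function names, the client address and the sample lines are constructed for illustration; the message-ID prefixes are the classes from Cisco's ASA syslog reference.

```python
import re

# ASA syslog body format: %ASA-<severity>-<message id>: <text>
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")

# Message-ID prefixes of the subsystems an AnyConnect login passes through.
VPN_CLASSES = {
    "113": "AAA",
    "716": "WebVPN",
    "722": "SSL VPN client (svc)",
    "725": "SSL/TLS",
    "734": "dynamic access policy",
}

def vpn_events(lines, client_ip):
    """Return (severity, msg_id, subsystem, text) tuples, in log order, for
    VPN-related messages that mention client_ip."""
    # Boundaries stop 203.0.113.10 from also matching 203.0.113.100.
    ip_pat = re.compile(r"(?<![\d.])" + re.escape(client_ip) + r"(?!\d)")
    events = []
    for line in lines:
        m = ASA_MSG.search(line)
        if not m or not ip_pat.search(m["text"]):
            continue
        subsystem = VPN_CLASSES.get(m["id"][:3])
        if subsystem:
            events.append((int(m["sev"]), m["id"], subsystem, m["text"]))
    return events

def first_failure(events, max_severity=4):
    """First event at warning (4) or worse; lower number = more severe."""
    return next((ev for ev in events if ev[0] <= max_severity), None)

# Constructed sample lines (documentation addresses, hypothetical user).
SAMPLE_LOG = """\
Jan 10 09:14:02 %ASA-6-725001: Starting SSL handshake with client outside:203.0.113.10/51234 for TLSv1 session.
Jan 10 09:14:03 %ASA-6-302013: Built inbound TCP connection 4711 for outside:203.0.113.10/51234 to identity:198.51.100.1/443
Jan 10 09:14:05 %ASA-6-716001: Group <DfltGrpPolicy> User <alice> IP <203.0.113.10> WebVPN session started.
Jan 10 09:14:09 %ASA-6-725001: Starting SSL handshake with client outside:203.0.113.100/40000 for TLSv1 session.
Jan 10 09:14:20 %ASA-4-113019: Group = DefaultWEBVPNGroup, Username = alice, IP = 203.0.113.10, Session disconnected.
Jan 10 09:14:21 %ASA-6-725007: SSL session with client outside:203.0.113.10/51234 terminated.
"""

if __name__ == "__main__":
    events = vpn_events(SAMPLE_LOG.splitlines(), "203.0.113.10")
    for sev, msg_id, subsystem, text in events:
        print(f"sev={sev} {msg_id} [{subsystem}] {text}")
    print("first failure:", first_failure(events))
```

The messages immediately before the first warning-level event usually show which stage (TLS, authentication, WebVPN session, client tunnel) the connection reached before it was dropped.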