Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

anyconnect version 2.4 second host entry gets invalid host entry please re-enter

Hi,

I have an ASA 5520,   running 8.21,  anyconnect 2.4.  I have the profile on the ASA downloading with the client.  I have a second ASA as a backup VPN server as well, they are configured as identically as possible. 

If I connect on the first ASA using the hostname  "vpn1.companyx.com", all works fine.     when I go to connect to the second ASA using the hostname "vpn2.companyx.com"  on the anyconnect client, I get the error message  "invalid host entry".  the xml profile tests as fine,  the host entries are both resolvable in dns and the vpn2 system repsonds fine using IP address.  It seems to be a anyconnect issue...

thoughts?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: anyconnect version 2.4 second host entry gets invalid host e

-Are you using a group-url on one ASA and not the other?

-Do you have "StandardUser" in your xml profile. If you create a new profile with a new name that does not have this setting does it work?

-If you have want to make it work with "StandardUser" in your xml profile, heres an example:



   vpn.cisco.com
   vpn.cisco.com
   CSCVPNUsers



The ASA will initiate a connection to:

https://vpn.cisco.com/CSCVPNUsers

In order for the ASA to send back the proper information, that group URL would have to exist under your tunnel-group/connection profile
In the configuration:

tunnel-group CSCVPNUsers webvpn-attributes
group-url https://vpn.cisco.com/CSCVPNUsers enable


-heather
2 REPLIES
Cisco Employee

Re: anyconnect version 2.4 second host entry gets invalid host e

-Are you using a group-url on one ASA and not the other?

-Do you have "StandardUser" in your xml profile. If you create a new profile with a new name that does not have this setting does it work?

-If you have want to make it work with "StandardUser" in your xml profile, heres an example:



   vpn.cisco.com
   vpn.cisco.com
   CSCVPNUsers



The ASA will initiate a connection to:

https://vpn.cisco.com/CSCVPNUsers

In order for the ASA to send back the proper information, that group URL would have to exist under your tunnel-group/connection profile
In the configuration:

tunnel-group CSCVPNUsers webvpn-attributes
group-url https://vpn.cisco.com/CSCVPNUsers enable


-heather
New Member

Re: anyconnect version 2.4 second host entry gets invalid host e

That did it.   The group url was tied to the vpn2 entry.

Thanks!

5942
Views
5
Helpful
2
Replies