I've got a problem and some questions about a test router I'm setting up in the lab.
I'm just trying to get Anyconnect VPN to work, and I've really been running around in circles trying to figure the bugger out - there is a huge amount of at least partially conflicting information out there, no doubt because of the 871.
I'm using IOS version 12.4(24)T, with sslclient-win-126.96.36.199-anyconnect.pkg as my SSL client. I have no idea if it's the right one, but CCP accepted it.
I recall setting up Anyconnect once before, and the filename was most certainly different. Am I using the right one? It seems to me that there are at least three types of "Client VPN" that Ciscos can do. They are:
SSL VPN SVC
Anyconnect SSL VPN
Or something like that. I've seen such an assortment, that I'm not sure what's what. What is the difference between them, especially as far as Anyconnect is concerned?
What's up with that "SVC" designation? A few guides I've seen have mentioned it specifically.
Ok, moving on to my troubles.
The problem I'm having right now is when I browse to the VPN page, I get a blank screen that's "Done". Am I correct in thinking I've missed a setting somewhere, or is it perhaps related to the anyconnect package I'm using?
Here's my running-config:
Current configuration : 4618 bytes
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
logging message-counter syslog
no logging buffered
enable secret 5 $1$OTpa$smj0mTouZOMp01yDNwW1W0
enable password hidden
aaa authentication login sslvpn local
aaa session-id common
crypto pki trustpoint MyCert
crypto pki certificate chain MyCert
certificate self-signed 02
blah numbers blah
ip dhcp pool vpnpool
network 192.168.0.0 255.255.255.0
dns-server 188.8.131.52 184.108.40.206
no ip domain lookup
ip domain name domain.com
no ipv6 cef
multilink bundle-name authenticated
username blargle privilege 15 password 0 blargle
ip ssh version 2
description SSL DHCP Pool Gateway Address
ip address 192.168.250.1 255.255.255.0
description SSL VPN Website Address
ip address 10.10.10.1 255.255.255.0
ip address 10.1.70.5 255.255.255.0
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip address
ip local pool sslvpnpool 192.168.250.2 192.168.250.100
ip default-gateway 10.1.70.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.70.1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
I'm prepared to try it next, but my concerns about the client package are putting things on hold. Can the 871 even do this sort of thing? I see things for the other types of SSL VPN, but no one has mentioned Anyconnect. I assume they are similar, however.
Finally, I can't use CCP to configure the VPN - it gives me a message about not supporting the self-signed cert, and I can't even start the process through the GUI unless that is resolved. Is that supposed to happen?
So, it turns out I was entering the URL wrong. Glad I caught that one.
In any case, I got this message once I logged in:
The installer was not able to start the Cisco SSL VPN Client.
I got an IP address from my pool, but the software very clearly failed to install. Is it possible there is a conflict with an already installed version? Are there some specific logging settings I should enable?
I removed the Anyconnect software already installed on my computer, and I am having the same problem, although it seems like I've made it further than before.
I see that the page is titled "No Support". I imagine this means I'm using the wrong Anyconnect client, but in that case, which one should I be using? Does any Anyconnect client (that's for my OS) work, or do I need a specific version for the 871, like an IOS version or something?
Basically, am I getting the "No Support" because my computer is incompatible with the Anyconnect client it's using, or because the Cisco isn't compatible with the version of Anyconnect on it?