08-31-2012 11:10 PM
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3293 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3293 request to resume previous session.
%ASA-6-725002: Device completed SSL handshake with client outside:58.211.122.212/3293
%ASA-6-113012: AAA user authentication Successful : local database : user = admin
%ASA-6-113009: AAA retrieved default group policy (SSLCLientPolicy) for user = admin
%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.grouppolicy = SSLCLientPolicy
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.username = admin
%ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile
%ASA-6-734001: DAP: User admin, Addr 58.211.122.212, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
%ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
%ASA-6-302013: Built inbound TCP connection 137616 for outside:58.211.122.212/3294 (58.211.122.212/3294) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-302013: Built inbound TCP connection 137617 for outside:58.211.122.212/3295 (58.211.122.212/3295) to identity:61.155.55.66/443 (61.155.55.66/443)
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3294 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3294 request to resume previous session.
%ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3295 for TLSv1 session.
%ASA-6-725003: SSL client outside:58.211.122.212/3295 request to resume previous session.
What is the reason for the error in red? It only appears on the Windows 2003 server.
09-01-2012 12:15 AM
You probably have this in your config:
group-policy SSLCLientPolicy attributes
vpn-simultaneous-logins 2
And the two allowed simultaneous logins are reached. Either use a different username or increase this limit.
EDIT:
I just see in your config that the above is *not* the reason! You don't have a license to use more than two SSL sessions. For that you need the AnyConnect Premium or the AnyConnect Essentials license. Neither is applied to the ASA.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-01-2012 12:29 AM
thanks !!!
but......
Fault: the old way
Logging: the old way
09-01-2012 09:03 PM
ciscoasa# show activation-key
Serial Number: JMX1314Z1UV
Running Activation Key: 0x9625fa6a 0x68e90200 0x38c3adac 0xaa0448d0 0x4b3815b6
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
The flash activation key is the SAME as the running key.
ciscoasa#
Are you sure it was a license question?
09-02-2012 12:17 PM
Hello Shikun,
Here is the thing that Karsten is telling you:
SSL VPN Peers : 2
This means that there can be only two SSL sessions to your ASA, until one of them gets closed you could initiate a new session.
You can disconnect all the sessions and give it a try to see it working.
Command to check how many SSL sessions exist to our ASA:
sh vpn-sessiondb webvpn
Command to clear the current SSL session on our ASA:
vpn-sessiondb logoff webvpn
Regards,
Julio
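The comparison discussed above, as an added example that is not part of the original thread: it pulls the 716023 "session limit reached" events out of ASA syslog text and sets the reported limit beside the "SSL VPN Peers" value from show activation-key. The sample input is reduced from the output posted in this thread; the function names and the matches_license_cap field are assumptions of this example.

```python
import re

# Sample input reduced from the log and CLI output posted in this thread.
SAMPLE_LOG = """\
%ASA-6-113012: AAA user authentication Successful : local database : user = admin
%ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
%ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
"""
SAMPLE_LICENSE = """\
SSL VPN Peers : 2
Total VPN Peers : 10
AnyConnect Essentials : Disabled
"""

AUTH_RE = re.compile(r"%ASA-6-113012: AAA user authentication Successful : .*user = (?P<user>\S+)")
LIMIT_RE = re.compile(
    r"%ASA-4-716023: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> "
    r"IP <(?P<ip>[^>]*)> .*session limit of (?P<limit>\d+) reached")
FEATURE_RE = re.compile(r"^\s*(?P<name>[^:\n]+?)\s*:\s*(?P<value>.+?)\s*$", re.M)

def parse_license(text):
    """Turn the 'Feature : value' lines of show activation-key into a dict."""
    return {m["name"]: m["value"] for m in FEATURE_RE.finditer(text)}

def session_limit_events(log_text, license_text):
    """Return one dict per 716023 message, annotated with license context."""
    lic = parse_license(license_text)
    peers = int(lic.get("SSL VPN Peers", -1))  # -1 when the line is missing
    authed = {m["user"] for m in AUTH_RE.finditer(log_text)}
    events = []
    for m in LIMIT_RE.finditer(log_text):
        ev = m.groupdict()
        ev["limit"] = int(ev["limit"])
        # Rejected after a successful AAA login, so not a credential failure.
        ev["authenticated"] = ev["user"] in authed
        # Assumption of this example: an equal value only suggests the license
        # cap; a group-policy vpn-simultaneous-logins value can be the same.
        ev["matches_license_cap"] = ev["limit"] == peers
        events.append(ev)
    return events

if __name__ == "__main__":
    for ev in session_limit_events(SAMPLE_LOG, SAMPLE_LICENSE):
        print(ev)
```

A match between the two numbers does not rule out the group-policy setting, so the running configuration still has to be checked, as was done earlier in the thread.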
09-03-2012 07:22 PM
Command to check how many SSL sessions exist to our ASA:
sh vpn-sessiondb webvpn
ciscoasa# show vpn-sessiondb webvpn
INFO: There are presently no active sessions
ciscoasa# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: aes128-sha1
Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
With aes128-sha1 in use, even the web interface does not open on the Win2003 server!