Clientless SSL VPN to AnyConnect

joe.ho · ‎12-16-2011

I am setting up a clientless SSL VPN and AnyConnect on a ASA5510 running 8.4. When I login to clientless SSL VPN I get a menu with AnyConnect showing as an option. When I click on that AnyConnect it try to load. Half way loading an error message pop up.

Error message:

The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: No address available for SVC connection.

When I load AnyConnect seperately then it works. I don't have that problem when using 8.2. What will be the problem here?

Thanks for helping.

mopaul · ‎12-18-2011

From the error it seems like client is not getting an ip address. Have you configured ASA for local address assignment or through an external DHCP server.? Make sure, you have either of the respective command enabled

++vpn-addr-assign dhcp (for external address assignment)

++vpn-addr-assign local (address assingment through asa)

Also, ensure that IP address pool on ASA or correct address pool name bound with tunnel-group is still there in the config post upgrade to 8.4

If config is retained even after upgrade to 8.4, i doubt if client connecting to correct group. Can you do debug and check same?

Feel free to post svc debugs here.

hth

Mohit Paul CCIE-Security 35496 P.S Please do rate this post if you find it helpful to make it easier for others seeking answers to similar queries