Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ClientLess VPN (Clientless (browser) SSL VPN access is not allowed.)

Clientless SSL VPN errors. I have two groups that I get from the main login(AnyConnectVPN & ClientLessVPN). AnyConnect works fine and start the Anyconnect Client. But when I chose the ClientLessVPN group  and login to access the web, I get this error (Clientless (browser) SSL VPN access is not allowed.).What am I missing, here is the config.

webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable

group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy ClientLessVPNGroup internal
group-policy ClientLessVPNGroup attributes
vpn-tunnel-protocol webvpn
webvpn
  svc ask none default webvpn
group-policy AnnyConnectVPNGroup internal
group-policy AnnyConnectVPNGroup attributes
vpn-tunnel-protocol svc
webvpn
  svc keep-installer none
tunnel-group ClientLessVPN type remote-access
tunnel-group ClientLessVPN general-attributes
default-group-policy ClientLessVPNGroup
tunnel-group ClientLessVPN webvpn-attributes
group-alias ClientLessVPN enable
tunnel-group AnnyConnectVPN type remote-access
tunnel-group AnnyConnectVPN general-attributes
address-pool VPNPOOL
default-group-policy AnnyConnectVPNGroup
tunnel-group AnnyConnectVPN webvpn-attributes
group-alias AnnyConnectVPN enable
group-url https://xx.xx.xx.xx/AnnyConnectVPN enable
!

Everyone's tags (3)
5 REPLIES
Cisco Employee

Re: ClientLess VPN (Clientless (browser) SSL VPN access is not a

You are running and having AnyConnect Essential license on your ASA which does not support Clientless SSL VPN.

There are 2 types of SSL VPN license:

1) AnyConnect Essential license - only supports AnyConnect client connections

2) AnyConnect Premium license (user base license) - supports all flavours of SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.

Hope that answers your question.

Community Member

Re: ClientLess VPN (Clientless (browser) SSL VPN access is not a

This is what is enabled,I have 10 SSL

Device License                        VPN Plus

AnyConnect Essentials            Enabled

SSL VPN Peers                      10

Community Member

Re: ClientLess VPN (Clientless (browser) SSL VPN access is not a

Double checked the LIC

Have 10 Premium User Lic

L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License

Cisco Employee

Re: ClientLess VPN (Clientless (browser) SSL VPN access is not a

You can't have both AnyConnect Essential license and AnyConnect Premium license enabled at the same ASA. It is one or the other.

Since you have both enabled at the moment, if you would like to use the Clientless SSL VPN, you can disable the AnyConnect Essestial license, and make use of the 10 AnyConnect Premium license. But please kindly be advised that you will only have maximum of 10 concurrent SSL VPN connections.

Here is the command to disable AnyConnect Essential:

webvpn

  no anyconnect-essentials

Here is the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1668278

Hope that answers your question.

Community Member

Re: ClientLess VPN (Clientless (browser) SSL VPN access is not a

Thanks, this solved my problem to  :-)

22316
Views
9
Helpful
5
Replies
CreatePlease to create content