Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failed SVC connections consume WebVPN conn. licenses

Here's the scenario:

ASA5510 security plus running v8.0(4) and v6.1.(5)51 ASDM; has two default WebVPN licenses.

I'm demonstrating AnyConnect client to a customer. The customer has a proxy server that all outbound connectivity goes thru. I connect to the ASA to install the AnyConnect client v2.3.0254, credentials are authenticated and then the proxy server asks for credentials the local domain - no one knew what they were to begin with so we tried guessing a few times. After the second connection try I then got the msg that the the authentication credentials were no good - ie username/password failed. I checked the ASA and found both of the default Clientless SSL VPN connections were active. Once I logged out those connections I could then reconnect and with the correct local domain credentials was able to make an AnyConnect connection which I could then disconnect afterwards.

Do I have a config error, an IOS bug or a feature??



Re: Failed SVC connections consume WebVPN conn. licenses

In rare circumstances, incrementing output drops result from a problem with the transmit queue for a VC. During this condition, the VC appears "stuck".

Use these tips to determine whether you are experiencing a stuck VC condition:

Execute several instances of the show interface atm command and look for a rapidly increasing value for output drops.

If your image supports per-VC queueing, execute several instances of the show queueing interface atm command and look for a consistent value of "Output queue 40/40" if your VC uses Layer-3 FIFO queueing.

Execute shutdown and then no shutdown on the interface or subinterface. These commands reset the transmit ring queues.

Execute show atm vc and show atm pvc and analyze both the input and output packet counters. Are the input packet counters incrementing? Is the problem on the transmit side only?