I set up a vpn connection using my ASA 5515-x. It's configured to use anyconnect only, and web access just redirects the user to anyconnect client download.
Tested this on my lab computer (using mobile broadband for true external access) and it worked fine.
But now I'm testing with another computer, which is pretty much an identical Win7 laptop. Initial connection worked fine. I could use my browser to access the client download, and once installed it connected automatically. But after reboot the anyconnect client refused to accept my login credentials. However, if I log in using my browser first, anyconnect is suddenly happy....?
Any ideas that could explain this behaviour? Is there a config change I need?
Thanks for your reply. Checked the tunnel group, and it seems to be correct.
I think it's certificate-related. I'm using self-signed certs during the test period, and when accessing with my browser I'm forced to accept that the certificate cannot be verified. No such option pops up using anyconnect. But when I set the option to autoselect certificates the approve/decline box pops up and login works. So I guess the problem is solved.... I'm just not sure exactly why.
But I had to set this option on the client computer. Looking at the profile options for anyconnect on the ASA no such option is available. I can disable auto select cert and let the user choose, but not enable it. In my scenario it should be on by default as I doubt most of my users will figure this out on their own.