
not getting login prompt in ssl vpn

Hi  All,

Following is the configuration done for SSL VPN on our ASA 5510. Though we did the configuration referring to the site, we are unable to get the login prompt. Could you please check and suggest how to make the SSL VPN work?

Configuration

===========


      webvpn
        enable outside
      revert webvpn url-list Test
      import webvpn url-list SSL_Bookmarks disk0:/tmpAsdmImportFile1646955469
      delete /noconfirm disk0:/tmpAsdmImportFile1646955469
      group-policy SSL_users internal
      group-policy SSL_users attributes
        vpn-tunnel-protocol webvpn
        webvpn
          url-list value SSL_Bookmarks
      tunnel-group SSL_VPN type remote-access
      tunnel-group SSL_VPN general-attributes
        default-group-policy SSL_users
        authentication-server-group  RADIUS
      group-policy SSL_users attributes
        vpn-tunnel-protocol svc webvpn
      tunnel-group SSL_VPN webvpn-attributes
        group-alias AnyConnect enable
      webvpn
        tunnel-group-list enable

============================

Version

======

ASA-5510-1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

ASA-5510-1 up 57 days 9 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 0027.0d38.034e, irq 9
1: Ext: Ethernet0/1         : address is 0027.0d38.034f, irq 9
2: Ext: Ethernet0/2         : address is 0027.0d38.0350, irq 9
3: Ext: Ethernet0/3         : address is 0027.0d38.0351, irq 9
4: Ext: Management0/0       : address is 0027.0d38.0352, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
SSL VPN Peers                : 2
Total VPN Peers              : 250
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1350L04D
Running Activation Key: 0xef04c544 0xf4999c16 0xf4c19950 0x85684c50 0x442c3292
Configuration register is 0x1
Configuration last modified by enable_15 at 06:55:11.349 UAE Thu Nov 18 2010
ASA-5510-1#

===================

Thanks in advance



Jennifer Halim
Cisco Employee

Can you please share the output of "show vpn-sessiondb summ".

Please see the output

ASA-5510-1# sh vpn-sessiondb summary

Active Session Summary

Sessions:
                           Active : Cumulative : Peak Concurrent : Inactive
  IPsec LAN-to-LAN      :       1 :        453 :               3
  IPsec Remote Access   :       0 :        122 :               3
  Totals                :       1 :        575

License Information:
  IPsec   :    250    Configured :    250    Active :      1    Load :   0%
  SSL VPN :      2    Configured :      2    Active :      0    Load :   0%
                            Active : Cumulative : Peak Concurrent
  IPsec               :          1 :        587 :               4
  Totals              :          1 :        587

Active NAC Sessions:
  No NAC sessions to display

Active VLAN Mapping Sessions:
  No VLAN Mapping sessions to display
ASA-5510-1#

OK, so there aren't any stale sessions. Can you telnet to the ASA outside interface on port 443?

What do you get when you try to browse to it? A copy of the config might show us something.

Since I am sitting behind a firewall I won't be able to telnet to 443 on the outside interface. Please find attached the config.

Jennifer Halim
Cisco Employee

Sorry, but where are you trying to access it from? If you are trying to access it from the inside network, it will not work.

You would need to access it from the outside interface (from the Internet). You can't cross connect to the outside interface from inside network.

Hi,

I am trying to access it from outside (Internet) only. I am able to telnet to port 443 from outside.

Could you please check and suggest if anything more to add in my VPN config.

Thanks

Could someone check and suggest how to make the SSL VPN work? Thanks.

Are you trying to connect to Webvpn (Clientless SSL VPN), or AnyConnect (full tunnel SSL VPN)?

How are you trying to connect? Using a browser to connect? And also, can you advise the URL that you are trying to connect to?

Thanks for your response.

Are you trying to connect to Webvpn (Clientless SSL VPN), or AnyConnect (full tunnel SSL VPN)?

I am trying to connect to the Clientless SSL VPN.

How are you trying to connect? Using a browser to connect? And also, can you advise the URL that you are trying to connect to?

Using Internet Explorer. I type https://IP address (outside interface).

Are you getting prompted with the Untrusted site certificate? or it doesn't even pass through that stage?

Please check creating the self signed certificate part from the following URL (Step 1):

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Are you getting prompted with the Untrusted site certificate? or it doesn't even pass through that stage?

Please note I am not at all getting any prompt with an Untrusted site certificate. When I try https://ip address of the outside interface in the Explorer tab, it says the server is unavailable or temporarily down, or sometimes *** UnKnown can't find *.*.186: Non-existent domain. It does not throw any such certificate error or login page.

But i am able to telnet port 443 from outside.

Do you think it's a license issue? Any problem with the configuration?

Thanks

Ahhh, missing the ssl encryption policy.

ssl encryption 3des-sha1 des-sha1 aes128-sha1 aes256-sha1

Hope that resolves the issue.

I get the below message when I type the below command.

ASA-5510-1(config)# ssl encryption 3des-sha1 des-sha1 aes128-sha1 aes256-$
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ASA-5510-1(config)#

==============================================================

Please also find the version details from my ASA. To run SSL clientless VPN do we require VPN-3DES-AES, or should it run with the DES encryption we currently have on the ASA?

ASA-5510-1 up 58 days 5 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 0027.0d38.034e, irq 9
1: Ext: Ethernet0/1         : address is 0027.0d38.034f, irq 9
2: Ext: Ethernet0/2         : address is 0027.0d38.0350, irq 9
3: Ext: Ethernet0/3         : address is 0027.0d38.0351, irq 9
4: Ext: Management0/0       : address is 0027.0d38.0352, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
SSL VPN Peers                : 2
Total VPN Peers              : 250
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1350L04D
Running Activation Key: 0xef04c544 0xf4999c16 0xf4c19950 0x85684c50 0x442c3292
Configuration register is 0x1
Configuration last modified by enable_15 at 06:55:11.349 UAE Thu Nov 18 2010


You can get the 3des activation key from the licensing page (it's free):

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

(Click on Cisco ASA 3DES/AES License)

It can run with just the DES, however, your browser might not support DES. The browser will request the policy that it has, and see if the ASA has that configured, but I know that a lot of the newer browsers might not support DES anymore, so feel free to try.
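An added example, not code from this thread: it models the negotiation the reply above describes (the browser offers its cipher suites, the ASA picks from its `ssl encryption` list, and with no list or only DES the handshake fails even though port 443 is open), plus a live probe that separates an open TCP port, which is all telnet proves, from a completed TLS handshake. The keyword-to-suite mapping, the license rule and the browser offer list are assumptions constructed for the example.

```python
import socket
import ssl

# ASA 8.2 `ssl encryption` keywords mapped to TLS cipher-suite names (mapping assumed).
ASA_CIPHERS = {
    "3des-sha1": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "des-sha1": "TLS_RSA_WITH_DES_CBC_SHA",
    "aes128-sha1": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "aes256-sha1": "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Keywords the ASA rejects without the VPN-3DES-AES activation key (error text from the thread).
NEEDS_3DES_AES_KEY = {"3des-sha1", "aes128-sha1", "aes256-sha1"}
# Constructed offer list for a newer browser: it no longer offers single DES at all.
MODERN_BROWSER_OFFER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def asa_enabled_suites(ssl_encryption, has_3des_aes_key):
    """Suites the ASA offers, in configured order. An empty list models a config with no
    `ssl encryption` line (the original symptom). Raises if the license would reject it."""
    blocked = [k for k in ssl_encryption if k in NEEDS_3DES_AES_KEY and not has_3des_aes_key]
    if blocked:
        raise ValueError("The 3DES/AES algorithms require a VPN-3DES-AES activation key.")
    return [ASA_CIPHERS[k] for k in ssl_encryption]


def negotiate(server_suites, client_offer):
    """Server-preference selection: first ASA suite the browser also offers, else None."""
    offered = set(client_offer)
    return next((s for s in server_suites if s in offered), None)


def probe(host, port=443, timeout=5):
    """Live check. 'closed' = no TCP connection; 'tcp-only' = port open (what telnet shows)
    but the TLS handshake fails, e.g. no common cipher; 'tls-ok' = a login page can be served."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the ASA likely presents a self-signed certificate;
    ctx.verify_mode = ssl.CERT_NONE  # here we only test whether the handshake completes
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "tls-ok" if tls.cipher() else "tcp-only"
    except (ssl.SSLError, OSError):
        return "tcp-only"
    finally:
        raw.close()
```

Against an ASA this old, a current OpenSSL build may itself refuse the legacy protocol versions and cipher suites, so a `tcp-only` result from `probe` should be confirmed with a client configured to allow them before blaming the ASA.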
