Cisco Support Community

New Member

not getting login prompt in ssl vpn

Hi All,

Following is the configuration done for SSL VPN on our ASA 5510. Though we did the configuration referring to the site, we are unable to get the login prompt. Could you please check and suggest how to make the SSL VPN work?

Configuration

===========


      webvpn
        enable outside
      revert webvpn url-list Test
      import webvpn url-list SSL_Bookmarks disk0:/tmpAsdmImportFile1646955469
      delete /noconfirm disk0:/tmpAsdmImportFile1646955469
      group-policy SSL_users internal
      group-policy SSL_users attributes
        vpn-tunnel-protocol webvpn
        webvpn
          url-list value SSL_Bookmarks
      tunnel-group SSL_VPN type remote-access
      tunnel-group SSL_VPN general-attributes
        default-group-policy SSL_users
        authentication-server-group  RADIUS
      group-policy SSL_users attributes
        vpn-tunnel-protocol svc webvpn
      tunnel-group SSL_VPN webvpn-attributes
        group-alias AnyConnect enable
      webvpn
        tunnel-group-list enable

============================

Version

======

ASA-5510-1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

ASA-5510-1 up 57 days 9 hours

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 0027.0d38.034e, irq 9
1: Ext: Ethernet0/1         : address is 0027.0d38.034f, irq 9
2: Ext: Ethernet0/2         : address is 0027.0d38.0350, irq 9
3: Ext: Ethernet0/3         : address is 0027.0d38.0351, irq 9
4: Ext: Management0/0       : address is 0027.0d38.0352, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
SSL VPN Peers                : 2
Total VPN Peers              : 250
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1350L04D
Running Activation Key: 0xef04c544 0xf4999c16 0xf4c19950 0x85684c50 0x442c3292
Configuration register is 0x1
Configuration last modified by enable_15 at 06:55:11.349 UAE Thu Nov 18 2010
ASA-5510-1#

===================

Thanks in advance

Accepted Solutions
Cisco Employee

Re: not getting login prompt in ssl vpn

You can get the 3DES activation key from the licensing page (it's free):

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y

(Click on Cisco ASA 3DES/AES License)

It can run with just DES; however, your browser might not support DES. The browser will request the policy that it has and see if the ASA has that configured, but I know that a lot of the new browsers might not support DES anymore, but feel free to try.
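A check for the condition this answer identifies, given as an added example (not part of the thread and not Cisco tooling): it reads the `sh ver` license table and the configuration and reports whether only DES is licensed. The function names and finding codes are hypothetical, and both sample inputs are constructed from the output posted in the question.

```python
# Added example; both samples are constructed from the output posted in the thread.
SAMPLE_SHOW_VERSION = """\
Licensed features for this platform:
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
SSL VPN Peers                : 2
This platform has an ASA 5510 Security Plus license.
"""
SAMPLE_CONFIG = """\
webvpn
 enable outside
group-policy SSL_users attributes
 vpn-tunnel-protocol svc webvpn
"""

def parse_licensed_features(show_version):
    """Map feature name -> value for the 'Licensed features' table only."""
    features, in_table = {}, False
    for line in show_version.splitlines():
        if line.startswith("Licensed features for this platform"):
            in_table = True
        elif in_table:
            name, sep, value = line.partition(":")
            if not sep or not value.strip():
                break  # blank line or trailing prose ends the table
            features[name.strip()] = value.strip()
    return features

def webvpn_interfaces(config):
    """Interfaces named by 'enable <if>' under the top-level webvpn block."""
    ifaces, in_webvpn = [], False
    for line in config.splitlines():
        words = line.split()
        if line and not line[0].isspace():
            in_webvpn = words == ["webvpn"]  # a nested 'webvpn' sub-mode is indented
        elif in_webvpn and len(words) == 2 and words[0] == "enable":
            ifaces.append(words[1])
    return ifaces

def diagnose(show_version, config):
    """Return hypothetical finding codes for a missing SSL VPN login page."""
    feats, findings = parse_licensed_features(show_version), []
    if not webvpn_interfaces(config):
        findings.append("WEBVPN_NOT_ENABLED")
    if feats.get("VPN-3DES-AES") != "Enabled":
        # Only DES (or nothing) is licensed; a browser that no longer offers DES cannot connect.
        findings.append("DES_ONLY" if feats.get("VPN-DES") == "Enabled" else "NO_CRYPTO_LICENSE")
    if feats.get("SSL VPN Peers", "0") == "0":
        findings.append("NO_SSL_VPN_PEERS")
    return findings
```

On the constructed samples `diagnose` returns `["DES_ONLY"]`, which matches the `VPN-3DES-AES : Disabled` line in the posted `sh ver` output.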

18 REPLIES
Cisco Employee

Re: not getting login prompt in ssl vpn

Can you please share the output of "show vpn-sessiondb summ".

New Member

Re: not getting login prompt in ssl vpn

Please see the output

ASA-5510-1# sh vpn-sessiondb summary

Active Session Summary

Sessions:
                           Active : Cumulative : Peak Concurrent : Inactive
  IPsec LAN-to-LAN      :       1 :        453 :               3
  IPsec Remote Access   :       0 :        122 :               3
  Totals                :       1 :        575

License Information:
  IPsec   :    250    Configured :    250    Active :      1    Load :   0%
  SSL VPN :      2    Configured :      2    Active :      0    Load :   0%
                            Active : Cumulative : Peak Concurrent
  IPsec               :          1 :        587 :               4
  Totals              :          1 :        587

Active NAC Sessions:
  No NAC sessions to display

Active VLAN Mapping Sessions:
  No VLAN Mapping sessions to display
-ASA-5510-1#

Cisco Employee

Re: not getting login prompt in ssl vpn

OK, so there aren't any stale sessions. Can you telnet to the ASA outside interface on port 443?

What do you get when you try to browse to it? A copy of the config might show us something.

New Member

Re: not getting login prompt in ssl vpn

Since I am sitting behind a firewall, I won't be able to telnet to 443 on the outside interface. Please find the config attached.

Cisco Employee

Re: not getting login prompt in ssl vpn

Sorry, but where are you trying to access it from? If you are trying to access it from the inside network, it will not work.

You would need to access it from the outside interface (from the Internet). You can't cross connect to the outside interface from inside network.

New Member

Re: not getting login prompt in ssl vpn

Hi,

I am trying to access from outside (Internet) only. I am able to telnet to port 443 from outside.

Could you please check and suggest if there is anything more to add in my VPN config?

Thanks

New Member

Re: not getting login prompt in ssl vpn

Could someone check and suggest how to make the SSL VPN work? Thanks.

Cisco Employee

Re: not getting login prompt in ssl vpn

Are you trying to connect to Webvpn (Clientless SSL VPN), or AnyConnect (full tunnel SSL VPN)?

How are you trying to connect? Using a browser to connect? And also, can you advise the URL that you are trying to connect to?

New Member

Re: not getting login prompt in ssl vpn

Thanks for your response.

Are you trying to connect to Webvpn (Clientless SSL VPN), or AnyConnect (full tunnel SSL VPN)?

I am trying to connect to Clientless SSL VPN.

How are you trying to connect? using browser to connect? and also can you advise the URL that you are trying to connect to?

Using Internet Explorer. I type https://IP address (outside interface)
