Ping across Site-to-Site problems

Cybervex3
Level 1

Having a problem pinging across a site-to-site. Any ideas would be appreciated.

Anyconnect Client ---- ASA5505 ---- Internet(ipsec tunnel) ---- ASA5510 ---- LAN

Directly connected ---^

From a client PC with AnyConnect I can ping ASA5505, ASA5510, Servers & Clients on the remote LAN. So the tunnel is working and passing traffic.

From a client PC connected directly to the ASA5505 I can ping ASA5505, ASA5510, Servers & Clients on the remote LAN.

From the ASA5505 I can only ping locally attached devices. I cannot ping AnyConnect clients or anything through the tunnel.

From the ASA5510 I can only ping devices on the LAN.

From a PC on the LAN I can ping devices connected directly and via AnyConnect to the ASA5505. Again, this shows the tunnel works.

Removing "access-list outside_access_in extended deny icmp any any" on the ASA5510 does not fix the problem.

ASA5505 ACL

access-list inside_out_outside extended permit ip any any

access-list outside_in_inside extended permit icmp any any

access-list CORVID-Split-Tunnel standard permit 10.100.0.0 255.255.0.0

access-list CORVID-Split-Tunnel standard permit 10.10.0.0 255.255.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip any 10.100.0.0 255.255.0.0

access-list OUTSIDE_1_CRYPTO extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0

ASA5510 ACL

access-list nonat extended permit ip any 10.10.11.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.10.11.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 192.168.101.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.100.0.0 255.255.0.0

access-list nonat extended permit ip 10.100.0.0 255.255.0.0 10.10.0.0 255.255.0.0

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq smtp

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq https

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host SonomaBullsEye eq https inactive

access-list outside_access_in extended permit tcp any host AUTHENTICA-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host AUTHENTICA-EXT-BAK eq https

access-list outside_access_in extended permit tcp any host FILETRANSFER-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host FILETRANSFER-EXT-BAK eq https

access-list outside_access_in remark HTTP for TeamWeb

access-list outside_access_in extended permit tcp any host ALEXSYS-EXT-BAK eq www

access-list outside_access_in remark HTTPS for TeamWeb

access-list outside_access_in extended permit tcp any host ALEXSYS-EXT-BAK eq https

access-list outside_access_in extended permit icmp host 10.100.0.1 any

access-list outside_access_in extended deny icmp any any

access-list Split_Tunnel_List standard permit 10.10.0.0 255.255.0.0

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq smtp

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq https

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host Sonoma eq https inactive

access-list outside_access_in_1 extended permit tcp any host PMEUPDATE-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq ssh inactive

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq https

access-list outside_access_in_1 remark FTPS

access-list outside_access_in_1 extended permit tcp any host FTP-EXT-OUT object-group DM_INLINE_TCP_1

access-list outside_access_in_1 extended permit tcp any host FTP-EXT-OUT range 60200 60400

access-list outside_access_in_1 extended permit tcp any host AUTHENTICA-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host AUTHENTICA-EXT-OUT eq https

access-list outside_access_in_1 extended permit tcp any host OSCODA-EXT-OUT object-group SQLTEST_TCP inactive

access-list outside_access_in_1 extended permit udp any host OSCODA-EXT-OUT object-group SQLTEST inactive

access-list outside_access_in_1 extended permit tcp any host ALEXSYS123-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host ALEXSYS123-EXT-OUT eq https

access-list outside_access_in_1 extended deny icmp any any

access-list inside_access_out extended permit ip any any log


Ranil Herath
Level 1

This is by design. If you want to ping the inside interface of the peer, try "management-access inside" on both ASAs.

Hope this helps.

This is already there. Not being able to ping is not that much of an issue. What I am really trying to do is allow AnyConnect clients on the ASA5505 to authenticate using the RADIUS server located on the LAN (inside the ASA5510).

Currently a client PC behind the ASA5505 can authenticate to the DC behind the ASA5510. I just cannot seem to connect to the DC from the ASA5505.

"What I am really trying to do is allow AnyConnect clients on the ASA5505 to authenticate using the RADIUS server located on the LAN (inside the ASA5510)."

You need to have an entry in the crypto ACL as shown below, and no-nat between the 5505 and 5510 tunnel endpoints.

access-list 100 permit ip host host

Let me know if this helps.

thanks

Added the following:

ASA5505

access-list OUTSIDE_1_CRYPTO extended permit ip host 207.xxx.xxx.xxx host HOMESTEAD

access-list INSIDE_NAT0_OUTBOUND extended permit ip host 207.xxx.xxx.xxx host HOMESTEAD

ASA5510

access-list nonat extended permit ip host 204.xxx.xxx.xxx 10.100.0.0 255.255.0.0

LEGEND

204.xxx.xxx.xxx is the outside of the ASA5510

207.xxx.xxx.xxx is the outside of the ASA5505

HOMESTEAD is 10.10.2.1 behind the ASA5510

Adding these did not work.

Let me know and I will post the whole configs.

Since the traffic is initiated from the outside interface, it must be no-nat'd on the outside interface:

access-list OUTSIDE_NAT0_OUTBOUND extended permit ip host 207.xxx.xxx.xxx host HOMESTEAD

nat (outside) 0 access-list OUTSIDE_NAT0_OUTBOUND

Let me know if this helps.

thanks

Please also make sure, on the 5510 side, to include in the crypto ACL the outside interface address of the 5505 as interesting traffic to the RADIUS server as well.

Please update me.

thanks
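The two conditions Rizwan describes above (the flow must be selected by the crypto ACL and exempted from NAT) can be checked mechanically against the posted ACL lines. The following Python script is an added example, not code from any poster; it resolves the `name` entries from the 5505 config (HOMESTEAD 10.10.2.1, NH-LAN 10.10.0.0) and, because the 207.x outside address is masked on the page, uses 203.0.113.5 (TEST-NET-3) as a constructed placeholder for the ASA5505 outside IP.

```python
"""Check whether a source/destination pair is covered by an ASA crypto ACL and a
NAT-exemption ACL.  Added example, not from any poster; 203.0.113.5 stands in
for the masked 207.x outside address of the ASA5505."""
import ipaddress
from dataclasses import dataclass

# 'name' statements from the posted 5505 config, plus the placeholder outside IP.
NAMES = {"HOMESTEAD": "10.10.2.1", "NH-LAN": "10.10.0.0", "ASA5505-OUTSIDE": "203.0.113.5"}

# ACL lines quoted from the ASA5505 in the original post.
ASA5505_ACLS = """
access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0
access-list INSIDE_NAT0_OUTBOUND extended permit ip any 10.100.0.0 255.255.0.0
access-list OUTSIDE_1_CRYPTO extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0
"""

# The two host-to-host lines suggested in the thread, with the placeholder outside IP.
SUGGESTED_ADDITIONS = """
access-list OUTSIDE_1_CRYPTO extended permit ip host ASA5505-OUTSIDE host HOMESTEAD
access-list INSIDE_NAT0_OUTBOUND extended permit ip host ASA5505-OUTSIDE host HOMESTEAD
"""


@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    protocol: str                # "ip", "icmp", "tcp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens, i, names):
    """Consume one ASA address spec (any | host X | addr mask) starting at tokens[i].
    Returns the network and the index of the next unread token."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(names.get(tokens[i + 1], tokens[i + 1]) + "/32"), i + 2
    addr = names.get(tok, tok)
    # ASA extended ACLs use real netmasks (255.255.0.0), not IOS-style wildcard masks.
    return ipaddress.IPv4Network(f"{addr}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(config_text, acl_name, names):
    """Collect the 'extended' ACEs of one named ACL in configured order.
    remark lines, standard ACLs and object-group ACEs are skipped."""
    aces = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 7 or tokens[:2] != ["access-list", acl_name] or tokens[2] != "extended":
            continue
        if "object-group" in tokens:
            continue
        action, protocol = tokens[3], tokens[4]
        src, i = _parse_addr(tokens, 5, names)
        dst, _ = _parse_addr(tokens, i, names)
        aces.append(Ace(action, protocol, src, dst))
    return aces


def acl_permits(aces, src_ip, dst_ip, protocol="ip"):
    """First-match evaluation with the implicit deny at the end of the list.
    An ACE written for protocol 'ip' matches every protocol."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for ace in aces:
        if ace.protocol not in ("ip", protocol):
            continue
        if s in ace.src and d in ace.dst:
            return ace.action == "permit"
    return False


def tunnel_coverage(config_text, crypto_acl, nat0_acl, src_ip, dst_ip, names=NAMES):
    """Report whether src->dst is selected by the crypto ACL (so it is encrypted) and by
    the NAT-exemption ACL (so it keeps its real addresses): the two checks from the thread."""
    return {
        "crypto": acl_permits(parse_acl(config_text, crypto_acl, names), src_ip, dst_ip),
        "nat0": acl_permits(parse_acl(config_text, nat0_acl, names), src_ip, dst_ip),
    }


if __name__ == "__main__":
    for label, cfg in (("as posted", ASA5505_ACLS), ("with additions", ASA5505_ACLS + SUGGESTED_ADDITIONS)):
        for src in ("10.100.0.1", NAMES["ASA5505-OUTSIDE"]):
            cov = tunnel_coverage(cfg, "OUTSIDE_1_CRYPTO", "INSIDE_NAT0_OUTBOUND", src, NAMES["HOMESTEAD"])
            print(f"{label:15} {src:>13} -> HOMESTEAD  crypto={cov['crypto']}  nat0={cov['nat0']}")
```

Run as posted, the inside address 10.100.0.1 is covered by both ACLs while the outside address is covered by neither; with the two suggested lines added, both flows are covered.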

Rizwan Rafeek

Before adding the remainder of the ACLs, I did run the test:

test aaa-server authentication PMRADIUS host Homestead

Username: jwright

Password: ********

INFO: Attempting Authentication test to IP address (timeout: 12 seconds)

INFO: Authentication Successful

aaa-server PMRADIUS protocol radius

aaa-server PMRADIUS (inside) host HOMESTEAD

key *****

tunnel-group DefaultWEBVPNGroup general-attributes

authentication-server-group PMRADIUS                     

Even though it authenticates successfully during the test, when I try from the AnyConnect client I receive "AnyConnect is not enabled on this VPN server". AnyConnect works fine with local usernames until authentication-server-group is set.

Please post your current running config, and please remove security-related info from it.

thanks

Please change your authentication method as shown below for AnyConnect clients.

aaa-server PMRADIUS  protocol radius

  aaa-server PMRADIUS  host HOMESTEAD

  key my-shared-key

tunnel-group DefaultWEBVPNGroup general-attributes

  authentication-server-group (outside) HOMESTEAD

tunnel-group YOUR-TUNNEL-GROUP-NAME general-attributes

  authentication-server-group HOMESTEAD

Let me know if this helps.

thanks

Message was edited by: Rizwan Mohamed

rizwanr74
Level 7

Please post a diagram. Your description is not so clear.

Note: If I VPN into the ASA5510, RADIUS works perfectly.

ASA5505

CORVID-WC# sh run

: Saved

:

ASA Version 8.2(5)

!

hostname CORVID-WC

domain-name ***.local

enable password *** encrypted

passwd ptI.utjee51tvD/G encrypted

names

name 204.***.***.*** NewHudson

name 10.10.0.0 NH-LAN

name 10.10.2.1 HOMESTEAD

!

interface Ethernet0/0

description CORVID-WC *WAN* (Physical Interface)

switchport access vlan 2

!

interface Ethernet0/1

description CORVID-WC *LAN* (Physical Interface)

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

description CORVID-WC *LAN* Interface

nameif inside

security-level 100

ip address 10.100.0.1 255.255.0.0

!

interface Vlan2

description CORVID-WC *WAN* Interface

nameif outside

security-level 0

ip address 207.***.***.*** 255.255.255.248

!

ftp mode passive

clock timezone MST -5

clock summer-time MST recurring

dns server-group DefaultDNS

domain-name pme.local

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list inside_out_outside extended permit ip any any

access-list outside_in_inside extended permit icmp any any

access-list CORVID-Split-Tunnel standard permit 10.100.0.0 255.255.0.0

access-list CORVID-Split-Tunnel standard permit NH-LAN 255.255.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip any 10.100.0.0 255.255.0.0

access-list OUTSIDE_1_CRYPTO extended permit ip 10.100.0.0 255.255.0.0 NH-LAN 255.255.0.0

pager lines 24

logging enable

logging monitor warnings

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool CORVID-WC-VPNPOOL 10.101.0.10-10.101.0.60 mask 255.255.0.0

ip local pool GENERAL-WC-SSL 10.100.0.101-10.100.0.120 mask 255.255.0.0

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

nat (inside) 1 10.100.0.0 255.255.0.0

access-group inside_out_outside in interface inside

access-group outside_in_inside in interface outside

route outside 0.0.0.0 0.0.0.0 207.148.209.17 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server PMERADIUS protocol radius

aaa-server PMERADIUS (inside) host HOMESTEAD

key *****

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

http server enable

http 10.100.0.0 255.255.0.0 inside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set RTPSET esp-aes esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map CORVID-NH 1 match address OUTSIDE_1_CRYPTO

crypto map CORVID-NH 1 set peer NewHudson

crypto map CORVID-NH 1 set transform-set RTPSET

crypto map CORVID-NH interface outside

crypto ca trustpoint ***.***.com

enrollment terminal

fqdn ***.***.com

subject-name ***REMOVED

keypair ***.com

crl configure

crypto ca certificate chain

***REMOVED

  quit

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 inside

ssh 204.***.***.*** 255.255.255.224 outside

ssh 207.***.***.*** 255.255.255.248 outside

ssh timeout 5

console timeout 0

management-access inside

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 204.235.61.9 source outside

ssl trust-point ***.***.com outside

webvpn

enable outside

svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1

svc enable

group-policy CORVID-WC-SSL internal

group-policy CORVID-WC-SSL attributes

dns-server value 10.10.2.1

vpn-tunnel-protocol svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value CORVID-Split-Tunnel

default-domain value ***.local

webvpn

  url-list none

  svc ask enable

username testuser password *** encrypted privilege 0

username testuser attributes

vpn-group-policy CORVID-WC-SSL

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool GENERAL-WC-SSL

authentication-server-group (inside) PMERADIUS

tunnel-group CORVID-WC-SSL type remote-access

tunnel-group CORVID-WC-SSL general-attributes

address-pool CORVID-WC-VPNPOOL

authentication-server-group PMERADIUS

default-group-policy CORVID-WC-SSL

tunnel-group 204.***.***.*** type ipsec-l2l

tunnel-group 204.***.***.*** ipsec-attributes

pre-shared-key *****

!

!

!

policy-map global_policy

!

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:e17c7854f2937aaaa50c70e6d0683d2d

: end

ASA5510

ciscoasa# sh run

: Saved

:

ASA Version 8.2(1)11

!

hostname ciscoasa

domain-name pme.local

enable password *** encrypted

passwd *** encrypted

names

name 204.***.***.107 Sonoma description OLD MAIL SERVER

name 207.***.***.19 SonomaBullsEye description OLD MAIL SERVER

name 10.10.2.6 DAYTONA-INT

name 10.10.2.62 SEBRING-INT

name 10.10.2.4 AUTHENTICA-INT

name 10.10.2.11 MIDOHIO-INT

name 10.10.2.15 PMEUPDATE-INT

name 10.10.2.25 FILETRANSFER-INT

name 10.10.2.22 FTP-INT

name 10.10.2.1 HOMESTEAD-INT

name 204.***.***.102 DAYTONA-EXT-OUT description CAS Server

name 204.***.***.109 FILETRANSFER-EXT-OUT description Secure File Transfer

name 204.***.***.105 FTP-EXT-OUT description FTPS

name 204.***.***.103 AUTHENTICA-EXT-OUT description Secure PDF

name 204.***.***.106 OSCODA-EXT-OUT description SQL Testing

name 204.***.***.104 ALEXSYS123-EXT-OUT description MidOhio

name 204.***.***.108 PMEUPDATE-EXT-OUT description NC Update server

name 207.***.***.21 FILETRANSFER-EXT-BAK

name 207.***.***.133 DAYTONA-EXT-BAK

name 207.***.***.134 AUTHENTICA-EXT-BAK

name 207.***.***.18 ALEXSYS-EXT-BAK description MIS

!

interface Ethernet0/0

nameif backup

security-level 1

ip address 207.***.***.*** 255.255.255.248

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.10.1.1 255.255.0.0

!

interface Ethernet0/2

shutdown

nameif outside2

security-level 0

no ip address

!

interface Ethernet0/3

nameif outside

security-level 0

ip address 204.***.***.*** 255.255.255.224

!

interface Management0/0

nameif management

security-level 100

ip address 172.17.0.199 255.255.255.0

management-only

!

banner motd       **************************** NOTICE ******************************

banner motd       *    Unauthorized access to this network device is FORBIDDEN!    *

banner motd       *  All connection attempts and sessions are logged and AUDITED!  *

banner motd       ******************************************************************

boot system disk0:/asa821-11-k8.bin

ftp mode passive

clock timezone EST -5

clock summer-time EDT recurring

dns domain-lookup inside

dns domain-lookup outside2

dns domain-lookup outside

dns domain-lookup management

dns server-group DefaultDNS

name-server HOMESTEAD-INT

name-server SEBRING-INT

domain-name ***.local

same-security-traffic permit intra-interface

object-group service SQLTEST udp

description SQLTEST for VES

port-object eq 1434

object-group service SQLTEST_TCP tcp

description SQLTEST For VES

port-object eq 1433

object-group service DM_INLINE_TCP_1 tcp

port-object eq ftp

port-object eq ftp-data

access-list nonat extended permit ip any 10.10.11.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.10.11.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 192.168.101.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.255.0

access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.100.0.0 255.255.0.0

access-list nonat extended permit ip 10.100.0.0 255.255.0.0 10.10.0.0 255.255.0.0

access-list nonat extended permit ip host 204.***.***.98 10.100.0.0 255.255.0.0

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq smtp

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq https

access-list outside_access_in extended permit tcp any host DAYTONA-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host SonomaBullsEye eq https inactive

access-list outside_access_in extended permit tcp any host AUTHENTICA-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host AUTHENTICA-EXT-BAK eq https

access-list outside_access_in extended permit udp any host 207.***.***.20 eq 1434

access-list outside_access_in extended permit tcp any host 207.***.***.20 eq 1433 inactive

access-list outside_access_in extended permit tcp any host FILETRANSFER-EXT-BAK eq www

access-list outside_access_in extended permit tcp any host FILETRANSFER-EXT-BAK eq https

access-list outside_access_in remark HTTP for TeamWeb

access-list outside_access_in extended permit tcp any host ALEXSYS-EXT-BAK eq www

access-list outside_access_in remark HTTPS for TeamWeb

access-list outside_access_in extended permit tcp any host ALEXSYS-EXT-BAK eq https

access-list outside_access_in extended permit icmp host 10.100.0.1 any

access-list outside_access_in extended deny icmp any any

access-list Split_Tunnel_List standard permit 10.10.0.0 255.255.0.0

access-list Split_Tunnel_List standard permit 192.168.101.0 255.255.255.0

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq smtp

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq https

access-list outside_access_in_1 extended permit tcp any host DAYTONA-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host Sonoma eq https inactive

access-list outside_access_in_1 extended permit tcp any host PMEUPDATE-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq ssh inactive

access-list outside_access_in_1 extended permit tcp any host FILETRANSFER-EXT-OUT eq https

access-list outside_access_in_1 remark FTPS

access-list outside_access_in_1 extended permit tcp any host FTP-EXT-OUT object-group DM_INLINE_TCP_1

access-list outside_access_in_1 extended permit tcp any host FTP-EXT-OUT range 60200 60400

access-list outside_access_in_1 extended permit tcp any host AUTHENTICA-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host AUTHENTICA-EXT-OUT eq https

access-list outside_access_in_1 extended permit tcp any host OSCODA-EXT-OUT object-group SQLTEST_TCP inactive

access-list outside_access_in_1 extended permit udp any host OSCODA-EXT-OUT object-group SQLTEST inactive

access-list outside_access_in_1 extended permit tcp any host ALEXSYS123-EXT-OUT eq www

access-list outside_access_in_1 extended permit tcp any host ALEXSYS123-EXT-OUT eq https

access-list outside_access_in_1 extended deny icmp any any

access-list inside_access_out extended permit ip any any log

pager lines 24

logging enable

logging timestamp

logging trap notifications

logging asdm notifications

logging from-address asa@***.com

logging recipient-address jwright@***.com level errors

logging host inside 10.10.2.12

logging permit-hostdown

no logging message 302015

no logging message 302014

no logging message 302013

no logging message 302012

no logging message 302017

no logging message 302016

mtu backup 1500

mtu inside 1500

mtu outside2 1500

mtu outside 1500

mtu management 1500

ip local pool IPSECVPN2 10.10.11.76-10.10.11.100

ip local pool SSLVPN 10.10.11.101-10.10.11.200 mask 255.255.0.0

ip local pool IPSECVPN 10.10.11.25-10.10.11.75

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-623.bin

no asdm history enable

arp timeout 14400

global (backup) 1 207.***.***.132

global (outside) 1 204.***.***.99 netmask 255.255.255.224

nat (inside) 0 access-list nonat

nat (inside) 1 10.10.0.0 255.255.0.0

static (inside,outside) DAYTONA-EXT-OUT DAYTONA-INT netmask 255.255.255.255

static (inside,outside) AUTHENTICA-EXT-OUT AUTHENTICA-INT netmask 255.255.255.255

static (inside,outside) ALEXSYS123-EXT-OUT MIDOHIO-INT netmask 255.255.255.255

static (inside,outside) PMEUPDATE-EXT-OUT PMEUPDATE-INT netmask 255.255.255.255

static (inside,outside) FILETRANSFER-EXT-OUT FILETRANSFER-INT netmask 255.255.255.255

static (inside,outside) FTP-EXT-OUT FTP-INT netmask 255.255.255.255

static (inside,backup) FILETRANSFER-EXT-BAK FILETRANSFER-INT netmask 255.255.255.255

static (inside,backup) DAYTONA-EXT-BAK DAYTONA-INT netmask 255.255.255.255

static (inside,backup) AUTHENTICA-EXT-BAK AUTHENTICA-INT netmask 255.255.255.255

static (inside,backup) ALEXSYS-EXT-BAK MIDOHIO-INT netmask 255.255.255.255

access-group outside_access_in in interface backup

access-group inside_access_out in interface inside

access-group outside_access_in_1 in interface outside

route outside 0.0.0.0 0.0.0.0 204.***.***.97 1 track 1

route backup 0.0.0.0 0.0.0.0 207.***.***.129 254

route backup 62.109.192.0 255.255.240.0 207.***.***.129 1

route backup 64.68.96.0 255.255.224.0 207.***.***.129 1

route backup 66.114.160.0 255.255.240.0 207.***.***.129 1

route backup 66.163.32.0 255.255.240.0 207.***.***.129 1

route backup 209.197.192.0 255.255.224.0 207.***.***.129 1

route backup 210.4.192.0 255.255.240.0 207.***.***.129 1

timeout xlate 3:00:00

timeout conn 24:00:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

webvpn

  http-proxy enable

aaa-server PMERADIUS protocol radius

aaa-server PMERADIUS (inside) host HOMESTEAD-INT

key ******

radius-common-pw ******

aaa authentication ssh console LOCAL

http server enable

http 10.10.0.0 255.255.0.0 inside

http 172.17.0.0 255.255.255.0 management

http redirect backup 80

http redirect outside 80

snmp-server location Server Room

snmp-server contact Jay Wright

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

sla monitor 100

type echo protocol ipIcmpEcho 216.***.***.*** interface outside

timeout 3000

frequency 10

sla monitor schedule 100 life forever start-time now

crypto ipsec transform-set PM1 esp-3des esp-md5-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map dyn1 1 set pfs group1

crypto dynamic-map dyn1 1 set transform-set PM1

crypto dynamic-map dyn1 1 set security-association lifetime seconds 28800

crypto dynamic-map dyn1 1 set security-association lifetime kilobytes 4608000

crypto dynamic-map dyn1 1 set reverse-route

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map cryptomap1 1 ipsec-isakmp dynamic dyn1

crypto map cryptomap1 interface backup

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto ca trustpoint ***.***.com

enrollment terminal

fqdn ***.***.com

subject-name ***

keypair ***.***.com

crl configure

crypto ca certificate chain vpn.prattmiller.com

certificate 041200616c79f4

    30820577 3082045f a0030201 02020704 1200616c 79f4300d 06092a86 4886f70d

  quit

certificate ca 0301

    308204de 308203c6 a0030201 02020203 01300d06 092a8648 86f70d01 01050500

  quit

crypto isakmp identity address

crypto isakmp enable backup

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption aes-256

hash sha

group 5

lifetime 86400

crypto isakmp policy 50

authentication pre-share

encryption aes-256

hash md5

group 5

lifetime 86400

crypto isakmp nat-traversal 33

!

track 1 rtr 100 reachability

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 15

ssh version 2

console timeout 0

management-access inside

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 64.22.86.210 source backup prefer

ssl trust-point ***.***.com outside

ssl trust-point ***.***.com backup

ssl trust-point ***.***.com outside2

webvpn

enable backup

enable outside2

enable outside

svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 2

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 3

svc profiles AllowRemoteUsers disk0:/AnyConnectProfile.xml

svc enable

internal-password enable

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value 10.10.2.1

vpn-tunnel-protocol IPSec l2tp-ipsec

default-domain none

group-policy DfltGrpPolicy attributes

dns-server value 10.10.2.1 10.10.2.62

vpn-idle-timeout 600

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Split_Tunnel_List

default-domain value ***.local

webvpn

  url-list value Book1

  svc profiles value AllowRemoteUsers

  svc ask enable default webvpn timeout 10

group-policy AnyConnect internal

group-policy AnyConnect attributes

vpn-tunnel-protocol webvpn

webvpn

  svc ask enable default webvpn timeout 15

username jayw password *** encrypted privilege 15

username jwright password *** encrypted privilege 15

tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup general-attributes

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup ppp-attributes

authentication ms-chap-v2

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool (backup) IPSECVPN2

address-pool (outside2) IPSECVPN2

address-pool (outside) SSLVPN

address-pool SSLVPN

authentication-server-group PMERADIUS

tunnel-group pm_ipsec type remote-access

tunnel-group pm_ipsec general-attributes

address-pool IPSECVPN2

tunnel-group pm_ipsec ipsec-attributes

pre-shared-key *

tunnel-group prattmiller type remote-access

tunnel-group prattmiller general-attributes

address-pool IPSECVPN

tunnel-group prattmiller ipsec-attributes

pre-shared-key *

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 1024

policy-map global_policy

class inspection_default

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect pptp

class class-default

!

service-policy global_policy global

smtp-server 10.10.2.6

prompt hostname context

Cryptochecksum:d8428ae41569ebe5346837bda3723212

: end

Hi there,

Please check my couple of posts above, which I made before you posted your full config.

thanks

I receive an error trying to enter it:

CORVID-WC(config-tunnel-general)# authentication-server-group (outside) HOMESTEAD

ERROR: aaa-server group HOMESTEAD does not exist

HOMESTEAD is a host, not a server group.

rizwanr74 wrote:

Please change your authentication method as shown below for AnyConnect clients.

aaa-server PMRADIUS  protocol radius

  aaa-server PMRADIUS  host HOMESTEAD

  key my-shared-key

tunnel-group DefaultWEBVPNGroup general-attributes

  authentication-server-group (outside) HOMESTEAD

tunnel-group YOUR-TUNNEL-GROUP-NAME general-attributes

  authentication-server-group HOMESTEAD

Let me know if this helps.

thanks
