Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Problem with AnyConnect Secure Mobility Client Downloader.


I've configured our ASA 5510 8.4(3) for remote client VPN using AnyConnect SSL.

I enter the URL for the WebVPN portal, I click on the "Start AnyConnect" link and I get the following error:

"Cannot update AnyConnect Secure Mobility Client 3.0.5080 because the file server is not enabled on the secure gateway. A VPN connection cannot be established."

I'm including my runnig config as well as show version.  Just in case it may be a license issue.  Any help would be greatly appreciated.

------ Running Config -------

: Saved


ASA Version 8.4(3)



domain-name XXXXXXXXXX

enable password XXXXXXXXXX encrypted

passwd XXXXXXXXXX encrypted



interface Ethernet0/0

nameif phys_0

security-level 0

no ip address


interface Ethernet0/0.511

vlan 511

nameif mtl-web2

security-level 0

ip address


interface Ethernet0/1

no nameif

no security-level

no ip address


interface Ethernet0/1.513

vlan 513

nameif mtl-srv

security-level 100

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0


no nameif

no security-level

no ip address



boot system disk0:/asa843-k8.bin

ftp mode passive

dns domain-lookup mtl-srv

dns server-group DefaultDNS



domain-name tink.local

same-security-traffic permit inter-interface

object network NETWORK_OBJ_192.168.13.195


object network obj-


object-group network mtl-srv-net


object-group network mtl-voix2-net


object-group network ad-hosts

network-object host

network-object host

object-group network vergo_servers

network-object host

object-group network 75-queen

network-object host

network-object host

network-object host

access-list acl_mtl-srv extended permit icmp any any

access-list acl_mtl-srv extended permit ip any any

access-list acl_mtl-srv extended permit udp any any

access-list acl_mtl-web2 extended permit icmp any any

access-list acl_mtl-xcon extended permit icmp any any

access-list acl_mtl-bur extended permit ip object-group mtl-bur-net any

access-list mtl-web2_cryptomap extended permit ip host host

access-list mtl-web2 extended permit ip object-group 75-queen host

pager lines 24

logging enable

logging buffer-size 100000

logging console debugging

logging monitor debugging

logging buffered debugging

logging asdm debugging

logging class vpn asdm debugging

mtu phys_0 1500

mtu qmgt-inside 1500

mtu mtl-web2 1500

mtu pmgt-inside 1500

mtu mtl-srv 1500

mtu mtl-bur 1500

mtu mtl-xcon 1500

mtu mtl-voix2 1500

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-647.bin

no asdm history enable

arp timeout 14400

nat (mtl-srv,mtl-web2) source static obj- obj- destination static obj- obj- no-proxy-arp

nat (mtl-srv,mtl-web2) source static NETWORK_OBJ_192.168.13.195 NETWORK_OBJ_192.168.13.195 destination static NETWORK_OBJ_192.168.97.51 NETWORK_OBJ_192.168.97.51

nat (mtl-srv,mtl-voix2) source static mtl-srv-net mtl-srv-net destination static mtl-voix2-net mtl-voix2-net no-proxy-arp route-lookup

nat (mtl-bur,mtl-web2) source dynamic mtl-bur-net interface

nat (mtl-srv,mtl-web2) source dynamic mtl-srv-net interface

nat (mtl-voix2,mtl-web2) source dynamic mtl-voix2-net interface


object network nat-webtest

nat (mtl-srv,mtl-web2) static

access-group acl_mtl-web2 in interface mtl-web2

access-group acl_mtl-srv in interface mtl-srv

access-group acl_mtl-xcon in interface mtl-xcon

route mtl-web2 1

route mtl-xcon 1

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server LDAP_SRV_GRP protocol ldap

aaa-server LDAP_SRV_GRP (mtl-srv) host

ldap-base-dn dc=tink, dc=local

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password *****

ldap-login-dn CN=svc_asa_vpn,OU=Comptes-Service,OU=Tink,DC=tink,DC=local

server-type microsoft

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

http server enable

http mtl-srv

http mtl-web2

no snmp-server location

no snmp-server contact

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev2 ipsec-proposal 3DES-SHA

protocol esp encryption 3des

protocol esp integrity sha-1

crypto ipsec ikev2 ipsec-proposal AES256

protocol esp encryption aes-256

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto map mtl-web2_map 1 match address mtl-web2_cryptomap

crypto map mtl-web2_map 1 set peer

crypto map mtl-web2_map 1 set ikev1 transform-set ESP-3DES-SHA

crypto map mtl-web2_map interface mtl-web2

crypto ikev2 policy 1

encryption 3des

integrity sha

group 2

prf sha

lifetime seconds 43200

crypto ikev1 enable mtl-web2

crypto ikev1 policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh mtl-web2

ssh mtl-web2

ssh mtl-srv

ssh mtl-xcon

ssh management

ssh timeout 15

console timeout 0

no vpn-addr-assign aaa

dhcprelay server mtl-srv

dhcprelay enable mtl-voix2

dhcprelay timeout 60

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


port 8080

enable mtl-web2

anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1

anyconnect profiles INFRA_CONNECTION_PROFILE disk0:/infraConnection.xml

anyconnect enable

tunnel-group-list enable

group-policy GroupPolicy_216.226.58.234 internal

group-policy GroupPolicy_216.226.58.234 attributes

vpn-tunnel-protocol ikev1

group-policy GROUP_POLICY_1 internal

group-policy GROUP_POLICY_1 attributes

dns-server value


vpn-tunnel-protocol ssl-client ssl-clientless

default-domain value tink.local


  anyconnect profiles value INFRA_CONNECTION_PROFILE type user

  anyconnect ask enable default anyconnect

username root password WGfb6prWAtYhS8eE encrypted

tunnel-group type ipsec-l2l

tunnel-group general-attributes

default-group-policy GroupPolicy_216.226.58.234

tunnel-group ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group TUNNEL_GROUP_1 type remote-access

tunnel-group TUNNEL_GROUP_1 general-attributes

authentication-server-group LDAP_SRV_GRP

default-group-policy GROUP_POLICY_1


tunnel-group TUNNEL_GROUP_1 webvpn-attributes

group-alias Group1 enable


class-map Voice

match access-list acl_mtl-voix2-voipqos

class-map inspection_default

match default-inspection-traffic

class-map Data



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect icmp

policy-map VoicePolicy

class Voice



service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily


: end

-------- Show version  ---------

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 100            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

VPN-DES                           : Enabled        perpetual

VPN-3DES-AES                      : Enabled        perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

AnyConnect Premium Peers          : 25             perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 250            perpetual

Total VPN Peers                   : 250            perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5510 Security Plus license.


Everyone's tags (5)
CreatePlease to create content