Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL VPN Problem - ACL Parse Error

Hi there.

Testing some features in Cisco ASA SSL VPN(Clientless).

 

But when i connect to the portal, trying to login i get the following error, anybody seen this before?

It works if i ADD a ACL to the DAP, but dosn't if there is only a WEBACL applied??

It also works if i remove my "check" in "ssl-client" box in the global_policy  (Group Policy).

 

6|Mar 20 2014|16:45:09|716002|||||Group <global_policy> User <xx@example.com> IP <X.X.X.X> WebVPN session terminated: ACL Parse Error.
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Delete WebVPN Session message user
xx@example.com, IP X.X.X.X to standby unit
4|Mar 20 2014|16:45:09|716046|||||Group <
global_policy> User <xx@example.com> IP <X.X.X.X> User ACL <testcustomer_attribute> from AAA dosn't exist on the device, terminating connection.
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL List message rule DAP-web-user-E4EAC90F, line 1 to standby unit
7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL Info message DAP-web-user-E4EAC90F to standby unit
6|Mar 20 2014|16:45:09|734001|||||DAP: User
xx@example.com, Addr X.X.X.X, Connection Clientless: The following DAP records were selected for this connection: testcustomer_common_dap
7|Mar 20 2014|16:45:09|734003|||||DAP: User
xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.tunnelgroup = common_tunnelgroup
7|Mar 20 2014|16:45:09|734003|||||DAP: User
xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username2 =
7|Mar 20 2014|16:45:09|734003|||||DAP: User
xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username1 = xx@example.com
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.username = xx@example.com
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.cisco.grouppolicy = global_policy
7|Mar 20 2014|16:45:09|734003|||||DAP: User xx@example.com, Addr X.X.X.X: Session Attribute aaa.radius["11"]["1"] = testcustomer_attribute
6|Mar 20 2014|16:45:09|113008|||||AAA transaction status ACCEPT : user =
xx@example.com
6|Mar 20 2014|16:45:09|113009|||||AAA retrieved default group policy (global_policy) for user = xx@example.com
6|Mar 20 2014|16:45:09|113004|||||AAA user authentication Successful : server =  X.X.X.X : user = xx@example.com

208
Views
0
Helpful
0
Replies
CreatePlease login to create content