Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4913
Views
0
Helpful
4
Replies

Web VPN - Login Failed

cmelvin
Level 1
Level 1

‎11-08-2010 09:07 AM

Hello,

I am having an issue setting up the VPN on my asa 5505. I went through the VPN wizard on asdm 6.2.1. I can see the login website, but no matter what, I cannot log in. I have tried local user accounts and NT user accounts. My domain controller is win03. No one is connected so it shouldn't be a problem with licensing.

I don't know too many debug commands, but I did a "debug http." After trying to login in I get this: net_handle->standalone_client [0].

Can anyone give me some advise?

attached is my show run

Labels:
74859-show run.txt.zip
0 Helpful
4 Replies 4

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-08-2010 12:48 PM

Hi,

You can still access ASDM via TCP 443 but when trying to log in via WebVPN can't authenticate the user?

Do you use the following?

https://x.x.x.x/admin --->  ASDM

https://x.x.x.x  --> WebVPN

If I understand correctly you do get the page but won't accept the user credentials correct?

To allow the WebVPN users to connect using local database, you need to configure the webvpn users to use local authentication.

If you're using an external authentication server, you can ''test'' the user from the ASA (before connecting from WebVPN)

test aaa authentication user xxxx pass xxx

Federico.

0 Helpful

cmelvin
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-09-2010 06:00 AM

Correct. The ASDM works correctly. The webVPN authentication is my issue. I currently have NT Domain as an AAA server group. If I test the authentication, it works. So i am pretty sure the server is setup correctly, but I am thinking there is a policy that I have configured incorrectly. In the connection profile, I have a profile setup that is set to authenticate with the NT domain. The default 2 connection profiles are turned off.

One other thing that I feel that I should mention... If I set that connection profile to use local authentication and setup a local user, I get the same error...

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to cmelvin

‎11-11-2010 05:12 PM

Craig,

Maybe the SSL connection is falling under the default profile and not under your profile (the debugs will tell you this).

Make sure that the group-policy is applied correctly to the webvpn profile to make sure the user authentication falls here.

Federico.

0 Helpful

cmelvin
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-15-2010 05:20 AM

Frederico,

Thanks for your suggestions. I am pretty sure that the settings are being applied to the correct profile and not the default one. Is there a way to delete the default profiles?

Also, are there any good debugs that will show the authentication process? I am a little lost as to where this is getting stuck.

0 Helpful
Customers Also Viewed These Support Documents