Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

WEBVPN :: "ERROR: Failed to enable WebVPN"

Hello everybody.

I have a problem enabling "wbvpn" on any interface. Every time the ASA show me the following log:

ASA(config-webvpn)# enable outside

Could not start webvpn

ERROR: Failed to enable WebVPN.


I have a ASA5510 V. 8.0(3)6 with WebVPN License.

If somebody knows anything about this problem, i will really appreciate for your comments.

Thanks in advance.

----------------- ASA WEB VPN Config ----

hostname ASA


enable password *** encrypted


name VPN-3 description VPN-3 Externo


interface Ethernet0/0

nameif outside

security-level 0

ip address

ospf cost 10


interface Ethernet0/1

speed 100

duplex full

nameif inside

security-level 100

ip address

ospf cost 10


interface Ethernet0/2

speed 100

duplex full

nameif DMZ

security-level 50

ip address

ospf cost 10


tcp-map alltcp


tcp-map msstcpmap

exceed-mss allow

queue-limit 250

mtu outside 1500

mtu inside 1600

mtu DMZ 1600

mtu management 1500

ip local pool Pool-VPN-3 mask

icmp unreachable rate-limit 1 burst-size 1

icmp permit outside

icmp permit inside

icmp permit inside

asdm image disk0:/asdm-603.bin

no asdm history enable

arp timeout 14400

timeout xlate 5:01:00

timeout conn 15:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 2:00:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:30:00 uauth 5:00:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication enable console LOCAL

http server enable 7443

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 86400

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400


group-policy SSL-SAPOLIO internal

group-policy SSL-SAPOLIO attributes

vpn-tunnel-protocol SSL-SAPOLIO


url-list none

group-policy Remote-VPN internal

group-policy Remote-VPN attributes

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value VPN-3-ACL

default-domain value

username jlvelasquez password **** encrypted

username jlvelasquez attributes

vpn-group-policy SSL-SAPOLIO

service-type remote-access

username jpozo password **** encrypted

username jpozo attributes

vpn-group-policy Remote-VPN

service-type remote-access

tunnel-group Remote-VPN type remote-access

tunnel-group Remote-VPN general-attributes

address-pool Pool-VPN-3

default-group-policy Remote-VPN

tunnel-group Remote-VPN ipsec-attributes

pre-shared-key *

tunnel-group SSL-SAPOLIO type remote-access

tunnel-group SSL-SAPOLIO general-attributes

default-group-policy SSL-SAPOLIO


policy-map IPS_policy_OUT

class ips_class_map_OUT

ips inline fail-open

policy-map global_policy

class mssclassmap

set connection advanced-options msstcpmap

policy-map IPS_policy_DMZ

class ips_class_map_DMZ

ips inline fail-open


service-policy IPS_policy_OUT interface outside

service-policy IPS_policy_DMZ interface DMZ



Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Can you post here your "show run all http"

Community Member

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Hi, this is the output:

ASA# show run all http

http server enable 7443

http outside

http management

http inside

http DMZ

José Luis

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Thanks, http is enabled, can you get the "show run all webvpn"

Community Member

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Hi, this is the output:

ASA# show run all webvpn


memory-size percent 50

port 443

dtls port 443

character-encoding none

no http-proxy

no https-proxy

default-idle-timeout 1800

no csd enable

no svc enable

no tunnel-group-list enable

rewrite order 65535 enable resource-mask *

no internal-password

no onscreen-keyboard

no default-language

no keepout


no disable

max-object-size 1000

min-object-size 0

no cache-static-content enable

lmfactor 20

expiry-time 1

no auto-signon

no error-recovery disable

: # show import webvpn customization

: Template

: DfltCustomization

: # show import webvpn url-list

: Template

: No bookmarks are currently defined

: # show import webvpn translation-table

: Translation Tables' Templates:

: PortForwarder

: banners

: customization

: plugin-rdp

: plugin-ssh,telnet

: plugin-vnc

: url-list

: webvpn

: Translation Tables:

: fr PortForwarder

: fr csd

: fr customization

: fr plugin-rdp

: fr plugin-ssh,telnet

: fr plugin-vnc

: fr webvpn

: ja PortForwarder

: ja csd

: ja customization

: ja plugin-rdp

: ja plugin-ssh,telnet

: ja plugin-vnc

: ja webvpn

: ru PortForwarder

: ru customization

: ru webvpn

: # show import webvpn mst-translation

: No MS translation tables defined

: # show import webvpn webcontent

: No custom webcontent is loaded

: # show import webvpn AnyConnect-customization

: No OEM resources defined

: # show import webvpn plug-in

: rdp

: ssh,telnet

: vnc


Cisco Employee

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

You might be hitting a bug. Can you post the output of "show memory detail"?


Community Member

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Hello, i attached the output of "show memory detail"


Cisco Employee

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Ok, so there's enough memory. It could be something else. It would be best to go to a later 8.0(3) release or the latest 8.0(4) interim, as initial 8.0(3) had quite a few memory / webvpn bugs.

Community Member

Re: WEBVPN :: "ERROR: Failed to enable WebVPN"

Something rare happen with this ASA. Now i did the same command and it works!!, this is the output:

ASA(config-webvpn)# enable outside

INFO: WebVPN and DTLS are enabled on 'outside'.


May be it is a memory bug.

Thanks to all

José Luis

CreatePlease to create content