Author Topic: AnyConnect Mobility can't establish VPN to ASA  (Read 19202 times)

Offline dong

  • Cisco Newbie
  • *
  • Posts: 13
  • Reputation: 1
  • Certification: CCNP
AnyConnect Mobility can't establish VPN to ASA
« on: June 11, 2015, 01:36:02 AM »
Hi all,
I have configured a VPN server on an ASA5512-X that connects to Cisco ISE for authentication and authorization. But when I use the AnyConnect Mobility Client to connect to the ASA, I receive this log and the VPN is not established.
3:00:31 PM    Contacting 172.16.2.227.
     3:00:44 PM    User credentials entered.
     3:00:44 PM    Establishing VPN session...
     3:00:44 PM    The AnyConnect Downloader is performing update checks...
     3:00:44 PM    Checking for profile updates...
     3:00:44 PM    Checking for product updates...
     3:00:49 PM    Establishing VPN session...
     3:00:49 PM    Establishing VPN - Initiating connection...
     3:00:49 PM    VPN establishment capability from a remote desktop is disabled.  A VPN connection will not be established.
     3:00:49 PM    AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
     3:00:49 PM    VPN session ended.


This is my configuration on the ASA:

webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.0.02052-k9.pkg 1
 anyconnect enable

group-policy DfltGrpPolicy attributes
 dns-server value 172.16.6.2
 vpn-tunnel-protocol ikev1 ssl-client
 default-domain value abc.com
 split-dns value abc.com
group-policy vpn internal
group-policy vpn attributes
 wins-server value 172.16.6.2 172.16.6.10
 dns-server value 172.16.6.2 172.16.6.10
 vpn-tunnel-protocol ikev1 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_Split
 default-domain value abc.com
group-policy vpnkdn internal
group-policy vpnkdn attributes
 wins-server value 172.16.6.2 172.16.6.10
 dns-server value 172.16.6.2 172.16.6.10
 vpn-tunnel-protocol ikev1 ikev2 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnkdn_Split
 default-domain value abc.com
 address-pools value MYPOOL
 webvpn
  anyconnect keep-installer installed
  anyconnect ask none default anyconnect

ip local pool MYPOOL 172.16.101.101-172.16.101.200 mask 255.255.255.0

aaa-server ISE protocol radius
aaa-server ISE (outside) host 172.16.6.193
 retry-interval 2
 key *****
 authentication-port 1812
 accounting-port 1813
 radius-common-pw *****

tunnel-group DefaultRAGroup general-attributes
 authentication-server-group ISE
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool MYPOOL
 authentication-server-group ISE
tunnel-group vpnkvt type remote-access
tunnel-group vpnkvt general-attributes
 address-pool MYPOOL
 authentication-server-group ISE LOCAL
 default-group-policy vpnkvt
tunnel-group vpnkvt webvpn-attributes
 group-alias KVT enable



When a user logs in through web VPN, authentication is OK, but AnyConnect Mobility can't establish the VPN.

Please help me fix this error.
Thanks

Offline dong

  • Cisco Newbie
  • *
  • Posts: 13
  • Reputation: 1
  • Certification: CCNP
Re: AnyConnect Mobility can't establish VPN to ASA
« Reply #1 on: June 13, 2015, 08:55:24 AM »
Hi all,
I was able to fix my problem; this guide helped me.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: AnyConnect Mobility can't establish VPN to ASA
« Reply #2 on: June 16, 2015, 09:16:03 PM »
Yep. By default you cannot connect to AnyConnect VPN from an RDP session. You need to allow it on the Client Profile via ASDM. Thank you for sharing.

Offline tshi

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: CCNP
Re: AnyConnect Mobility can't establish VPN to ASA
« Reply #3 on: November 17, 2015, 07:20:15 PM »
Not sure what I am doing wrong but I have tried the suggested solution last year to no avail.

132    -rwx  2137         23:52:56 Sep 23 2014  RA-SSL-Profile.xml

group-policy AnyConnect-GROUP internal
group-policy AnyConnect-GROUP attributes
 dns-server value x.x.x.x
 vpn-simultaneous-logins 1
 vpn-idle-timeout 1440
 vpn-filter value VPN_RESTRICT
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Split_Tunnel
 webvpn
  anyconnect modules value dart
  anyconnect profiles value RA-SSL-Profile type user

Offline tshi

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: CCNP
Re: AnyConnect Mobility can't establish VPN to ASA
« Reply #4 on: November 18, 2015, 10:59:39 AM »
Please disregard as it is working. Not sure why it didn't work before.
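
Added example, not part of any post in this thread: a small Python check that reads an AnyConnect client profile XML and reports whether it permits VPN establishment from a remote desktop session, the condition behind the "VPN establishment capability from a remote desktop is disabled" log line. The element names (`WindowsVPNEstablishment`, `WindowsLogonEnforcement`), their values, the namespace and the defaults are assumptions taken from the AnyConnect profile schema rather than from this page, and the sample profiles are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles, not taken from the thread.
NS = 'xmlns="http://schemas.xmlsoap.org/encoding/"'
PROFILE_LOCAL_ONLY = f"""<AnyConnectProfile {NS}>
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""
PROFILE_REMOTE_OK = PROFILE_LOCAL_ONLY.replace("LocalUsersOnly", "AllowRemoteUsers")
PROFILE_UNSET = f"<AnyConnectProfile {NS}><ClientInitialization/></AnyConnectProfile>"

# Assumed client defaults when the element is absent (consistent with the
# moderator's reply: VPN from an RDP session is refused by default).
DEFAULTS = {"WindowsVPNEstablishment": "LocalUsersOnly",
            "WindowsLogonEnforcement": "SingleLocalLogon"}


def read_settings(xml_text):
    """Return {setting: (value, 'profile' | 'default')} for the two settings."""
    root = ET.fromstring(xml_text)
    found = {name: (value, "default") for name, value in DEFAULTS.items()}
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if name in DEFAULTS and el.text and el.text.strip():
            found[name] = (el.text.strip(), "profile")
    return found


def audit(xml_text):
    """Report what the profile means for a user connecting over RDP."""
    settings = read_settings(xml_text)
    value, source = settings["WindowsVPNEstablishment"]
    if value == "AllowRemoteUsers":
        verdict = "allowed"
    elif value == "LocalUsersOnly":
        verdict = "blocked"
    else:
        verdict = "unknown"  # value this check does not recognise
    return {"rdp_vpn": verdict, "value": value, "source": source,
            "logon_enforcement": settings["WindowsLogonEnforcement"][0]}


if __name__ == "__main__":
    for label, xml_text in [("local-only", PROFILE_LOCAL_ONLY),
                            ("remote-ok", PROFILE_REMOTE_OK),
                            ("unset", PROFILE_UNSET)]:
        print(label, audit(xml_text))
```

A "blocked" result with source "default" means the profile never sets the element, so editing a different profile than the one the group-policy pushes would leave the client behaviour unchanged.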