Cisco Firewall :: ASA 5505 8.4.4 Stops Using EzVPN After Configuration

Sep 24, 2012

I've got some ASA5505 which run as EzVPN clients in NEM, connecting to a ASA5510 as head-end. The ASAs are configured with a CSM and AUS. But whenever they are getting a new configuration through the AUS they stop trying to establish an EzVPN connection to the head-end. After a "reload" they run with the new configuration and establish the tunnel as expected.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5505 - Randomly Stops Responding

Jun 5, 2012

I have an asa5505 with software version 7.2(3) that randomly stops responding. The firewall sits in front of a public facing webserver that handles a significant amount of traffic.I was wondering that would happen when the asa5505 reaches or exceeds the 4000 connections per second limit... i.e. would this possibly explain why my asa5505 stops responding and requires a power cycle in order to start working again. when it "crashes" it does not respond on either the outside or inside interfaces.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Stops Accepting Connections

Nov 21, 2012

A client has an ASA 5505 with a base license.  The version information and configuration is attached.  In 8 hours, sometimes less and infrequently more, it becomes inaccessible.  All connections are dropped and the only way to access the device is through a console connection.  The WAN interface (VLAN 3) is connected to Verizon FIOS.  The interface was set to 100 MBps and full duplex, but I just changed it to auto on both the speed and duplex to see what would happen.  The LAN interface (VLAN 1) is also set to 100 MBps and full duplex  It has not been changed.
 
The last time it happened logging was running, but nothing in the log indicated a problem.  In fact, the last log entry was a couple of hours before the lockup (there's little or no traffic on the ASA while the problem is being diagnosed).

View 3 Replies View Related

Cisco VPN :: Client Behind EzVPN Remote (ASA 5505)?

Feb 2, 2012

I try to configure a simple EzVPN infrastructure:
 
EzVPN Server (CISCO2811, hostname cme) < -- > EzVPN Remote (ASA5505, hostname ezvpn-asa) < -- > Client
 
Attached you find both configuration of the EzVPN server and remote. The tunnel is getting up and if I ping from the ASA to the Router, I see the packets getting encrypted:
 
ezvpn-asa# ping 172.16.100.1
...
ezvpn-asa# show crypto ipsec sa
interface: outside
Crypto map tag: _vpnc_cm, seq num: 10, local addr: 172.16.100.2

[code]....
 
If I connect a client with IP address 192.168.1.2 to the interface eth0/1 and do a ping to the cme, I don't see any packets getting encrypted. I don't have any idea about VPN, I just need it for a wireless lab environment. What do I have to configure on the ASA, so the inside traffic is encrypted?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 (9.1.1) & Comcast Business Cable Stops Passing Traffic

Apr 18, 2013

I am trying to determine why Comcast Business Class modem configured with a static IP (IPV4) works with a laptop or Linksys Cable modem but not with a Cisco ASA 5505. After a few minutes, the 5505 stop passing web traffic. I am able to ping the default gateway even though I can not surf the web. Restarting the 5505 and the Comcast modem, web traffic flows for a short period of time, then stops. I can connect inside the firewall via ASDM 7.1.1 and via SSH. I can not connect via either from the outside.  Comcast tech support indicated their router is working and is configured in bridge mode. I swapped out the 5505's memory, and then with another 5505. Nothing seems to resolve the issue. I am trying to determine if the 5505 or the Comcast router is not configured correctly.
 
Here are the parameters: The 5505 was reset to default factory settings via the command: config factory-default. Configured the outside interface with static IP Address followed by the no shutdown command, then removed DHCP features from outside interface.  Added Comcast DNS servers, default route, ntp servers, configured DHCP features on the inside interface. Enabled HTTP/SSH (inside & outside interfaces) and ICMP echo-reply (outside only).
 
I believe the Comcast modem is not configured correctly. The show version and show startup output are below.
 
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Firewall Configuration?

Sep 11, 2007

I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 - SIP Configuration Without NAT

Oct 15, 2012

I am new to using the ASA 5505 appliance.  I have successfully configured it so far, but the one piece that eludes me and I can't find an example of configuring SIP with internal (DMZ security level 50)) VoIP phones to an external call manager (external, security level 0) without using NAT.  I have an internal V LAN to an internal B2 router (and management) on eth0/7, an external V LAN (/30 to an external B1 border router) and five different DMZ V LAN on ports eth0/1-eth0/5.
 
On the external router, the internal interface going to ASA5505 are separate sub-interfaces for each V LAN in the DMZ and one /30 V LAN to connect between the router and ASA.  I am using vrf forwarding on the DMZ sub interfaces with IPSEC/GRE tunnels to keep the routing tables separate.  I cannot have the different DMZ V LAN's communicate with each other (that's why I am using vrf).
 
Everything works, all my tunnels are up, I  can ping to the external sites from the DMZ V LAN's and pass data, but I am stymied by setting up VoIP.  When I used the wizard (big mistake) it setup up all sorts of certificates and NAT (since I really didn't know what I was doing at this point).
 
Any hints on configuring VoIP from phones in the DMZ V LAN's to an external call manager?
 
I would include the current config, but I have to hand transcribe it since we don't allow usb connectivity.  I might be able to provide it a little later.  i am using ASDM 6.4 and ASA IOS 8..4

View 7 Replies View Related

Cisco Firewall :: ASA 5505 - Set Up DSL Configuration?

Nov 11, 2012

I am setting up an ASA 5505 for a customer. I am not sure how to config the firewall when it is connected to a dsl modem. I tried to do a ordinary config just like the ones thats connected to a ordinary router.
 
The topology is:

[code]...

View 2 Replies View Related

Cisco Firewall :: ASA 5505 DMZ Configuration

Jan 9, 2012

I am attempting to configure an ASA 5505 which is connected to 3 networks for access to an inside email server.  Don't pay attention to the names on this config as they are not intuitive.
 
The 3 vlans are:
vlan 1 which has an IP of 192.168.x.1 - Connected to inside (which is really the dmz)
nameif inside
e0/1 is assigned to this

[Code].....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Backup ISP Configuration

Jun 13, 2011

I'm having problems configuring an asa 8.2(1) with a backup isp.  I followed the asdm instructions in this document: [URL]
 
I have my backup interface configured as DHCP and the static routes set. Pinging the gateway and other external IP address from the backup interfaces works normally. I have also tried configuring the backup interface as a static address but got the same results.
 
When removing the primary wan link, all traffic stops. When I ping a external DNS, I get these errors in the log: portmap translation creation failed for udp src inside: 192.168.13.23 dst backup:208.67.222.222_type 8, code0)
 
I though this type of error is related to a NAT problem, not sure where to look though.

View 4 Replies View Related

Cisco Firewall :: QoS Policing Configuration On An ASA 5505?

Jun 10, 2013

I'm working on QoS policing configuration on an ASA 5505.The ASA is situated behind a cable modem which provides an SLA of 3.2Mbps out.I've configured a QOS policy to place VoIP and other essential traffic (RDP/Citrix/PCoIP) into a priority queue, whilst policing default class to 3.2Mbps to police out to the cable modem.I can see on the outside interface graphs that this is rating the output traffic down to 3.2Mbps as expected, but noticing at certain points of high output traffic drops down to 1.6Mbps.  I can't see anything obvious in syslog or any other areas to look, so looking for any pointers as to why the speed is suddenly dropping down.  Likewise if I rate the output to 2Mbps, it will suddenly drop down to 1Mbps at high output rates.the ASA is running on 8.0(5) and I enclose a copy of the sample QoS config below and attached a sanitized run config, as well as screenshot taken of the outside interface Bit Rates plus service-policy.
 
access-list VoIP-Traffic-OUT extended permit tcp 172.16.6.0 255.255.255.0 host 68.98.217.252 eq h323
access-list VoIP-Traffic-OUT extended permit udp 172.16.6.0 255.255.255.0 host 68.98.217.252 object-group rtp
access-list VoIP-Traffic-OUT extended permit tcp 172.16.6.0 255.255.255.0 host 68.98.217.252 eq 2000  
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq 3389
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq citrix-ica
access-list VMs-Traffic-Out extended permit tcp 172.16.6.0 255.255.255.0 192.168.168.0 255.255.255.0 eq 4172

[code]....

View 6 Replies View Related

Cisco Firewall :: 5505 - Restore Configuration From Other ASA

Sep 26, 2012

I have the configuration file of the ASA  5505 I have another exactly model that asa is new but  this my first time working with an ASA.
 
I going to configure it an  ip address  in the  0/0 interface and then use TFTP to upload the config to the   start-up config and the save it and reload the ASA.

is that enough? or the ASA has  extra steps??

View 3 Replies View Related

Cisco Firewall :: 1-1 NAT And PPTP Configuration - ASA 5505?

Mar 22, 2011

I need add following to our firewall configuration ( we are changing watchguard firewall to cisco and it was necessary to be configured this way )
 
1) I need to create 1-1 NAT for our voip system and video conferencing unit and to do it as bellow

VOIP-SIP : from 85.90.225.100 to 217.207.96.121 on port tcp/udp 5060
VC-SIP : from any_external to 217.207.96.120 on port tcp/udp 5060
VC-Video : from any_external to 217.207.96.120 on port tcp/udp 60000 to 64999
VOIP-RTP :  from 85.90.225.100 to 217.207.96.121 on port tcp/udp 10000 - 20000
 
2) I need to eneble to pass PPTP traffic from outside to inside and vice versa
 
current config:
Result of the command: "show running-config"
: Saved:ASA Version 8.2(2) !hostname ciscoasa
 
namesname 10.10.1.19 barracudaname 192.168.1.2 ctxdmzname 10.10.1.39 ftp1name 10.10.1.38 ftp2name 10.10.1.37 ftp3name 10.10.1.192 mailsvrname 217.207.96.114 outside_114name 217.207.96.115 outside_115name 217.207.96.116 outside_116name 217.207.96.117 outside_117name 217.207.96.118 outside_118name 217.207.96.119 outside_119name 217.207.96.120 outside_120name 10.10.1.8 transfer_servername 10.10.1.10 backupsvrname 10.10.1.4 citrixsvr1name 85.90.225.100 voip_sipname 10.10.1.9 minimac1name 82.111.186.146 sdt_rdpname 217.207.96.121 outside_121!interface Vlan1 nameif inside security-level 100 ip address 10.10.1.1 255.255.255.0 !interface Vlan3 nameif dmz security-level 50 ip address 192.168.1.1

[code]....

View 5 Replies View Related

Cisco Firewall :: PPoe Configuration In ASA 5505?

Mar 19, 2012

I want to know the ppoe configuration in asa5505 firewall. IN my office i have a asa5505 and i get conncetion from local isp which is nothing but ppoe connection so how to do this.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Configuration For AT&T Microcell

Mar 2, 2011

We got an AT&T Microcell a couple of weeks ago, hooked it up to our CISCO PIX 506 firewall and it worked "out of the box". We then upgraded to a CISCO ASA 5505 when the Pix died last week. Got the ASA 5505 up and running pretty much "out of the box", only having to setup our IP addresses (inside & outside). The 5505 is NOT configured as DHCP since I have an existing server in house that assigns IP addresses and I don't want to mess around with changing everything. However the Microcell wasn't working on the new 5505. Found in the Microcell manual that the following had to be "open":

123/UDP (NTP)
443/TCP (HTTPS)
4500/UDP (IPSec NAT Traversal)
500/UDP (IPSec phase 1 prior to NAT detection)
 
From the 5505 Config Guide, I found that I needed to ENABLE NAT-T, so I did this with the following commands:
crypto isakmp enable outside
crypto isakmp nat-traversal 3600
 
Using the "Packet Tracer" in ASDM, I found that ALL 4 types of packets were allowed going from the ATT Microcell (192.168.10.52 on my INSIDE network) to the OUTSIDE interface (66.xxx.xx.xx). However, all 4 types of packets FAILED when the Packet Trace was reversed (Source = 66.xxx.xx.xx, Destination 192.168.10.52).
 
The Packet Trace pointed to the "implicit rule" to DENY IP traffic. So, using the ASDM, I setup Access Lists for the above 4 ports/protocols, both on the INSIDE & OUTSIDE interface, both INCOMING & OUTGOING. Still, no success and the Packet Trace in ASDM still pointed to the IMPLICIT DENY rule on either the INSIDE or OUTSIDE interface, depending on which Interface I was initiating the Packet Trace. I tried setting the Access Rules for "Any" IP Address (not just the public IP or the Microcell IP) on both the Source/Destination for all 4 ports. What is even more confounding is that when setting up these access lists to PERMIT traffic, my internal network  Internet traffic stopped for ALL workstations on my network. Phone started ringing no more than a minute after I applied any PERMIT rule. By deleting the rule just installed, traffic started flowing again.
 
My number one questin is why don't the access lists work and why does settin up a "permit rule" kill my internet traffic?
 
I'm not a network expert and sprinkle holy water on our network every morning. I cringe when I have to make changes (like putting in a new firewall) because I don't know all the inner workings, parameters and setups done over the years by predecessors. I need to get the ATT Microcell up and running and figure the experience will be beneficial as our next step is to setup a VPN.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Configuration Required

Apr 29, 2013

I have a problem with the configuration of the ACL of my ASA 5505 router.However, the syntax seems okay,access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .

View 3 Replies View Related

Cisco Firewall :: Getting ASA 5505 Vlan Configuration?

Mar 14, 2013

I have IOS 8.0(4) and the base 50 User License...will this config work?  I have two networks; my home network, and my lab.  I want to split my Internet connection between them, but keep the networks separate for the most part.  Will my license allow this config since I can't do DMZ?
 
interface Ethernet0/0
switchport access vlan 3
!
interface Ethernet0/1
switchport access vlan 1
!
interface Ethernet0/2
switchport access vlan 2

[code]....

View 1 Replies View Related

Cisco Firewall :: ASA5510 - Routing From EzVPN Client To Non-LAN Zone

Feb 24, 2013

I got a Problem with Routing on a ASA5510.
 
I have ezVPN Clients connected to the ASA5510. Those Clients are assigned an IP from 192.168.236.0/24 Pool.
 
I have a Router of a contractor connected to a dedicated ASA Interface called IBIZA with IP Net 10.100.10.0/24 and the Router itself with the IP 10.100.10.1. Behind that Router is another private Network which I need to reach from the ezVPN Clients.
 
The Connection from the ezVPN Clients to the "LAN" Interface/Network on the ASA works fine, but I cannot reach either the Contractor Router (10.100.10.1) nor the Network behind that.
 
From the LAN Network (on the LAN Interface) I can reach both the Contractor Router and the Network behind.
 
When I use the Packet Tracer Tool from the ASDM it tells me that the Traffic goes through but ends on the LAN Interface. But it should end on the IBIZA Interface or am I wrong here ?
 
What do I need to tell the ASA to route the Traffic from the ezVPN Client to the Contractor Router and back ? I have set up the ezVPN Connection as full-tunnel so all Traffic goes through the VPN Tunnel. That shouldn´t be the Problem.

View 10 Replies View Related

Cisco Firewall :: ASA 5505 Configuration Cannot Get To Internal Network

Jan 25, 2012

I now need to configure an ASA 5505 for a small server farm.  It's fairly straightforward:isp -> asa5505 -> internal servers,'m using static addresses -- no DHCP involved.VPN works;  I can get into the internal network.pinging from the ASA to an external address works,However, I cannot get from a laptop connected to an internal port out to the internet, either using ping or typing an address in the browser.

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Active / Standby Configuration?

Sep 21, 2011

i have 2 ASA 5505 running 8.3(1) and ASDM 6.3(1).
 
the first unit is currently working, and i now wish to configure the second unit as standby. im configuring through the ASDM GUI. Started the HA Wizard, choose Active/Standby configuration and enter the IP of the peer device. checks come back all ok. On the LAN link configuration page (step 3of6) Interface is pre selected as VLAN99, I give it a logical name as iface_fail, and enter 10.0.0.1 as primary address and 10.0.0.2 as standby, subnet as 255.255.255.248, and select port Ethernet0/5
 
Note that if i click on the buttons next to the IP fields, i get IP addresses of remote hosts!.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Configuration For Home Network

Sep 4, 2012

I've been trying to configure a cisco ASA 5505 for my home network but I'm not having much joy with it. I've looked at countless guides, tutorials and followed the ASA setup wizard in ASDM. The Cisco 1841 is running sub-interfaces for my VLAN's.

View 4 Replies View Related

Cisco Firewall :: Prepare ASA 5505 Configuration To Be Used At Next Reboot

Jan 26, 2012

For a customer I have to move the ASA 5505 firewall to a new internet connection. I have modified the config in a notepad textfile and want to put it on flash or so, so that it will be loaded at next reboot.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Backup ISP Link Configuration?

Jan 28, 2013

I'm working on setting up a backup link for our ASA 5505 and I've followed these directions:  [URL]
 
The backup ISP gives us a dynamic address, however, when I enable the backup ISP's interface on the ASA, my vpn tunnels drop. As soon as I disable the backup interface, the tunnels come back up. I'm attempting to configure this across one of these tunnels, so obviously this is an issue, as is the fact that other people need the tunnels as well. I'm not sure what I did to make this happen, but I've been over the config many times and can't see anything different from the instructions in the link above.
 
I thought it might be trying to route traffic across the backup interface, but my primary interface is tracked and has SLA running on it, so I would assume it wouldn't roll over onto the backup interface.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - DMZ Configuration With Base License

May 24, 2011

My ASA 5505 base license allows for three VLANs, the third one can only initiate traffic to one other VLAN (as specified by no forward interface vlan <number> on the third VLAN). This doesn't mean it can't "access" the other VLAN, it just can't initiate traffic to it. A lot of people get that wrong.Let's say you've got three VLANs, one is OUTSIDE, two is DMZ, and three is INSIDE. On the second VLAN would I enter the no forward interface as vlan 3, then set the name via the nameif command and everything will work just fine. The DMZ will not be able to initiate traffic to the INSIDE, but will to the outside, and assuming you have your ACLs and NAT set up properly, it will be able to respond to traffic from the INSIDE.
 
Would that be best practice or would I enter the "no forward" interface as in VLAN 1, thus is being able to respond to traffic from the outside as opposed to the inside.
 
I had a DMZ set up but since there was an intrusion into my network, I am building it again.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 VLAN Or Trunk Configuration?

Sep 2, 2012

ASA 5505, I got a security plus license which allows multiple VLANs.I want to be able to configure the ASA to allow only RDP session (One way) to another Switch where all the VLANs are. I've attached a pic of what I want but I'm struggling.
 
I looked at documentation saying you should have inside and outside interface but I'm not sure on this scenario.I've configured inside interface on ASA e0/1 and interface VLANs but not sure what to do between ASA and Switch?

View 2 Replies View Related

Cisco Firewall :: Random ASA 5505 Configuration Reloads?

Oct 16, 2011

I've been trying to track down intermitent problems with one of our branch office ASA5505's .The way we have been tracking it is primarily through ping/icmp connectivity. Occasionily our tracking software will report that is stops responding to ping requests then in almost less than a minute it will start replying again. I'm allowing icmp to that interface and it is internal. Examing the logs it almost looks like the config is being reloaded but I've never seen this kinda of log before so I'm not sure if it is just sending it's config to a host or actually reloading its config.
 
Here is the first part of it:

2011-10-17 07:05:05          Local4.Notice          192.168.22.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.20' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.21' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN1 192.168.254.9 1 track 1' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN98 192.168.254.9 1 track 2' command.
2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN202 192.168.254.9 1 track 3'

[code]....
 
I've santized certain parts, but it does look like its realoding the config?

View 2 Replies View Related

Cisco Firewall :: How To Restore Factory Configuration On ASA 5505

Jun 18, 2007

while configuring my ASA 5505 I changed the IP address range of the internal network. Obviously I made an error because I cannot reach the box neither at the old nor the new address. How can I restore the interface and firewall definitions or reset the box to its initial state ? I found a doc how to reset the password, but not explaining how to restore the complete initial config.

View 10 Replies View Related

Cisco Firewall :: Multiple DHCP Pool Configuration On ASA 5505

Oct 4, 2012

I want to configure multiple DHCP configuration on ASA 5505. I tried to create sub interface for different IP Pool but it was not configure on ASA 5505. is it possible to create subinterface on ASA 5505?
 
ASA 5505 IOS version: 8.3(1)
License: Security Plus

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Losing Configuration When Device Powered Off

Feb 28, 2011

i did a reset on my asa by stopping the boot process because i could not remember what my enable password was, i had no problems with the reset the asa came backup as it should and i started configuring the device again. My problem is when the device is powered off and back on i lose all configuration that were made, i save the changes with "write me" before the restart and they are still being over wrote.

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Download Configuration Before Resetting Password?

Mar 24, 2013

I am new with ASA devices I have a ASA 5505, the former IT manager does not remember the password of it. I am just wondering do I lose the configuration on it if I reset the password?if yes, how can I download the configuration before resetting the password. and how can I upload the downloaded configuration

View 2 Replies View Related

Cisco Security :: ASA 5505 - Stops Before ROMmon

May 9, 2011

I have a ASA 5505 which stops pretty early in the boot sequence.
 
This is all that shows up,
 
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB

[Code].....

View 1 Replies View Related

Cisco Firewall :: Site-to-Site VPN Between ASA 5510 And 5505 Configuration

Apr 18, 2013

I am not very experienced with Cisco networking.

Here is the situation.
 
Site A - headquarters 192.168.1.x
Site B - remote office 192.168.20.x
Site C - remote office 192.168.30.x
 
Site A - ASA 5510
Site B - ASA 5505
Site C - ASA 5505
 
Site-to-site VPN is established and works between A and B, A and C. Users would like to establish a tunnel between B and C to work on a common project and the data is on Site B.
 
I tried configuring the S2S VPN with pre-shared keys on both firewalls at sites B and C but in the end it is not established (I cannot ping either side). I used the Wizard interface multiple times and one time the CLI. I generally followed the settings chosen between the headquarter and the individual remote sites and tried to replicate them. Obviously I have made a mistake somewhere.
 
Could there be any limitation on the ASA 5505 in terms of licensing and the number of S2S tunnels?

View 7 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect 3.1 Captive Portal False Alert Stops Users Connecting?

Dec 29, 2012

I am having problems with a customer's ASA 5505 with Anyconnect 3.1 - it is generating captive portal false-alerts which are stopping users from connecting. This issue began when I upgraded from Anyconnect 2.4 to 3.1, and it appears like this: A user downloads and installs the Anyconnect client and is able to connect fine, to begin with. However, once they reboot their computer and try to reconnect, the VPN session will not come up and they receive the error message below."The service provider in your current location is restricting access to the internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser." 
 
Reading other posts, it seems this message appears when a captive portal is restricting internet access. It must be a false alert in this case as there is nothing of the sort here. Apparently, Anyconnect 3.1 can generate a false alert like so if the name of the firewall's SSL certificate doesn't match the CName listed on the Client Profile. I've set this up to match, to no avail. Although users can connect by reauthenticating through the SSL VPN login web page, I am stumped as to how to get rid of this captive portal error that pops up when they try to use the Anyconnect client.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved