Anyconnect SSL VPN States Contacting...

        I had my ssl vpn working and now the anyconnect client that I downloaded just says Contacting...  It will not give me an error at all.  If I use the Anyconnect App on my droid phone it says "Anyconnect cannot confirm it is connected to your secure gateway.  The local network may not be trustworthy.  Please try another network."  I previously had the droid app work as well and I have made no changes to the VPN configuration.  Here is my config and version numbers:
anyconnect-win-2.5.2014-k9.pkg
c2800nm-adventerprisek9-mz.151-4.M5.bin
webvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
   functions svc-enabled
   svc address-pool "SSL-VPN" netmask 255.255.255.0
   svc default-domain "<DOMAIN>"
   svc keep-client-installed
   svc split include 192.168.0.0 255.255.0.0
   svc dns-server primary <IP>
default-group-policy policy_1
gateway gateway_1
inservice
Any suggestions would be greatly appriciated.

        I had my ssl vpn working and now the anyconnect client that I downloaded just says Contacting...  It will not give me an error at all.  If I use the Anyconnect App on my droid phone it says "Anyconnect cannot confirm it is connected to your secure gateway.  The local network may not be trustworthy.  Please try another network."  I previously had the droid app work as well and I have made no changes to the VPN configuration.  Here is my config and version numbers:
anyconnect-win-2.5.2014-k9.pkg
c2800nm-adventerprisek9-mz.151-4.M5.bin
webvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
   functions svc-enabled
   svc address-pool "SSL-VPN" netmask 255.255.255.0
   svc default-domain "<DOMAIN>"
   svc keep-client-installed
   svc split include 192.168.0.0 255.255.0.0
   svc dns-server primary <IP>
default-group-policy policy_1
gateway gateway_1
inservice
Any suggestions would be greatly appriciated.

Similar Messages

  • ASA5520 AnyConnect SSL VPN Connected but unable to ping my inside LAN

    Hi there, please forgive if I have missed any forum protocols as this is my first post.
    I am trying to configure Anyconnect SSL VPN. I am able to connect to the VPN on a laptop, witch is able to download the anyconnect client from the ASA. I am unable to ping any of my IP's that are on the inside of my ASA. Before posting here I have spent many hours on forums and watching videos on anyconnect SSL VPN creation and I am following it to the T but still no ping. Any help would be very much appreciated.
    Inside              192.168.1.254/24
    Outside           dhcp
    VPN Pool        192.168.250.1-50/24
    Inside LAN     192.168.1.0/24
    : Saved
    ASA Version 8.4(4)1
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface GigabitEthernet0/1
    nameif inside
    security-level 99
    ip address 192.168.1.254 255.255.255.0
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 99
    ip address 192.168.100.1 255.255.255.0
    ftp mode passive
    dns server-group DefaultDNS
    domain-name dock.local
    same-security-traffic permit inter-interface
    object network inside-network-object
    subnet 192.168.1.0 255.255.255.0
    object network management-network-object
    subnet 192.168.100.0 255.255.255.0
    object network NETWORK_OBJ_192.168.250.0_25
    subnet 192.168.250.0 255.255.255.128
    object-group network AllInside-networks
    network-object object inside-network-object
    network-object object management-network-object
    access-list inside_access_in extended permit ip any any
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
    access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool vpn_pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-647.bin
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source dynamic AllInside-networks interface
    nat (inside,any) source static any any destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25 no-proxy-arp route-lookup
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable 4433
    http 192.168.100.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 192.168.100.0 255.255.255.0 management
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
    webvpn
    enable outside
    anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_anyconnect internal
    group-policy GroupPolicy_anyconnect attributes
    wins-server none
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ssl-client ssl-clientless
    split-tunnel-policy tunnelall
    split-tunnel-network-list value split_tunnel
    default-domain value dock.local
    username test password JAasdf434ey521ZCT encrypted privilege 15
    tunnel-group anyconnect type remote-access
    tunnel-group anyconnect general-attributes
    address-pool vpn_pool
    default-group-policy GroupPolicy_anyconnect
    tunnel-group anyconnect webvpn-attributes
    group-alias anyconnect enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http
    https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email
    [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:24bcba3c4124ab371297d52260135924
    : end :

    : Saved
    ASA Version 8.4(4)1
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface GigabitEthernet0/1
    nameif inside
    security-level 99
    ip address 192.168.1.254 255.255.255.0
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 99
    ip address 192.168.100.1 255.255.255.0
    ftp mode passive
    dns server-group DefaultDNS
    domain-name dock.local
    same-security-traffic permit inter-interface
    object network inside-network-object
    subnet 192.168.1.0 255.255.255.0
    object network management-network-object
    subnet 192.168.100.0 255.255.255.0
    object network NETWORK_OBJ_192.168.250.0_25
    subnet 192.168.250.0 255.255.255.0
    object-group network AllInside-networks
    network-object object inside-network-object
    network-object object management-network-object
    access-list inside_access_in extended permit ip any any
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
    access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool Anyconnect-pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-647.bin
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source dynamic AllInside-networks interface
    nat (inside,outside) source static inside-network-object inside-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
    nat (inside,outside) source static management-network-object management-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.100.2 255.255.255.255 management
    http 192.168.100.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 192.168.100.0 255.255.255.0 management
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    management-access inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
    webvpn
    enable outside
    anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_Anyconnect_VPN internal
    group-policy GroupPolicy_Anyconnect_VPN attributes
    wins-server none
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    split-tunnel-network-list value split_tunnel
    default-domain value dock.local
    username sander password f/J.5nLef/EqyPfy encrypted
    username aveha password JA8X3IiqPvFFsZCT encrypted privilege 15
    tunnel-group Anyconnect_VPN type remote-access
    tunnel-group Anyconnect_VPN general-attributes
    address-pool Anyconnect-pool
    default-group-policy GroupPolicy_Anyconnect_VPN
    tunnel-group Anyconnect_VPN webvpn-attributes
    group-alias Anyconnect_VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http
    https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email
    [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:4636fa566ffc11b0f7858b760d974dee
    : end:

  • AnyConnect SSL VPN Vista split-tunneling

    I recently setup an ASA5510 with 8.0fw with the AnyConnect SSL VPN Client.
    Connecting to the SSL VPN works perfectly from all the XP computers that I have tested from. No problems there. However when on Vista, split-tunneling does not seem to function properly. Everything connects and works fine, and I can get to the defined secured remote nets, however I can't access anything out my default gateway(un-secured traffic). It seems like it might be a problem with Vista security features. When I try to ping out to any outside host, I get:
    PING: transmit failed, error code 1231.
    I can actually ping my default gateway, but nothing gets routed past it without the above error. I've also confirmed this several Vista installations, with Administrator + UAC disabled. Anyone else?

    I have done the same testing, and on both Vista 32bit and 64Bit the split tunneling does not seem to work. Also I found that this is a "known" bug
    From the Release Notes::
    AnyConnect Split-tunneling Does Not Work on Windows Vista - AnyConnect split-tunneling works correctly with Windows XP and Windows 2000 (CSCsi82315)
    I am happy that 64Bit works but will hold off on roll out until split-tunneling is fixed.
    Cassidy

  • Cisco ASA 5505 AnyConnect SSL VPN problem

    Hi!
    I have a small network, wiht ASA 5505, 8.4:
    Inside network: 192.168.2.0/24
    Outside: Static IP
    I would like to deploy a SSL AnyConnect setup.
    The state:
    -I give the correct IP from my predefined VPN pool (10.10.10.0/24).
    But, could not reach any resource, could not ping too. My host has given 10.10.10.1 IP, and I had a GW: 10.10.10.2. Where is this GW from?
    Could you help me?
    Here is my config (I omitted my PUBLIC IP, and GW): 
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname valamiASA
    domain-name valami.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address MY_STATIC_IP 255.255.255.248
    interface Vlan12
    description Vendegeknek a valamiHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    management-only
    ftp mode passive
    clock timezone GMT 0
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name valami.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_valami_VPN internal
    group-policy GroupPolicy_valami_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    default-domain value valami.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group valami_VPN type remote-access
    tunnel-group valami_VPN general-attributes
    address-pool valami_vpn_pool
    default-group-policy GroupPolicy_valami_VPN
    tunnel-group valami_VPN webvpn-attributes
    group-alias valami_VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:d54de340bb6794d90a9ee52c69044753
    : end

    First of all thanks your link.
    I know your notes, but i don't understand 1 thing:
    if i check nat exemption in the anyconnect wizad, why should i make nat exemption rule?
    A tried creating a roule, but it is wrong.
    My steps (on ASDM):
    1: create network object (10.10.10.0/24), named VPN
    2: create nat rule: source any, destination VPN, protocol any
    Here is my config:
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(4)1
    hostname companyASA
    domain-name company.local
    enable password OeyyCrIqfUEmzen8 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    switchport access vlan 12
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address 77.111.103.106 255.255.255.248
    interface Vlan12
    description Vendegeknek a companyHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name company.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object network WEBSHOP
    host 192.168.2.2
    object network INSIDE_HOST
    host 10.100.130.5
    object network VOIP_management
    host 192.168.2.215
    object network Dev_1
    host 192.168.2.2
    object network Dev_2
    host 192.168.2.2
    object network RDP
    host 192.168.2.2
    object network Mediasa
    host 192.168.2.17
    object network VOIP_ePhone
    host 192.168.2.215
    object network NETWORK_OBJ_192.168.4.0_28
    subnet 192.168.4.0 255.255.255.240
    object network NETWORK_OBJ_10.10.10.8_29
    subnet 10.10.10.8 255.255.255.248
    object network VPN
    subnet 10.10.10.0 255.255.255.0
    object network VPN-internet
    subnet 10.10.10.0 255.255.255.0
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (any,any) source static any any destination static VPN VPN
    nat (inside,outside) source static inside-net inside-net destination static VPN VPN
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_company_VPN internal
    group-policy GroupPolicy_company_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelall
    default-domain value company.local
    webvpn
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask enable default anyconnect timeout 30
      customization none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    group-policy GroupPolicy_VPN internal
    group-policy GroupPolicy_VPN attributes
    wins-server none
    dns-server value 62.112.192.4 195.70.35.66
    vpn-tunnel-protocol ssl-client
    default-domain value company.local
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group company_VPN type remote-access
    tunnel-group company_VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_company_VPN
    tunnel-group company_VPN webvpn-attributes
    group-alias company_VPN enable
    tunnel-group VPN type remote-access
    tunnel-group VPN general-attributes
    address-pool company_vpn_pool
    default-group-policy GroupPolicy_VPN
    tunnel-group VPN webvpn-attributes
    group-alias VPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:33ee37a3722f228f9be9b84ef43f731e
    : end
    Could you give me a CLI-code?
    (or ASDM steps).

  • Anyconnect SSL VPN Authentication Feilure

    Dear All,
    I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.
    All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
    So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
    Then I have change the provile XML file of my anyconnect in this way:
    <HostEntry>
                <HostName>myasa</HostName>
                <HostAddress>xxx.xxx.xxx.xxx</HostAddress>
            <PrimaryProtocol>SSL</PrimaryProtocol>       
    Then I installed the certificate on my Win7 Pc in the Trusted Root Certification Authority.
    The result of all my changes is that now the login fail! Someone could help me pls?
    webvpn_allocate_auth_struct: net_handle = DA0C3608
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_login_resolve_tunnel_group: tgCookie = NULL
    webvpn_login_resolve_tunnel_group: tunnel group name from group list
    webvpn_login_resolve_tunnel_group: TG_BUFFER = VPNSSL
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
    webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    webvpn_auth.c:http_webvpn_pre_authentication[2321]
    WebVPN: calling AAA with ewsContext (-636397680) and nh (-636733944)!
    webvpn_add_auth_handle: auth_handle = 95
    WebVPN: started user authentication...
    webvpn_auth.c:webvpn_aaa_callback[5163]
    WebVPN: AAA status = (ACCEPT)
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
    webvpn_portal.c:webvpn_login_aaa_resuming[3093]
    webvpn_auth.c:http_webvpn_post_authentication[1485]
    WebVPN: user: ([email protected]) authenticated.
    webvpn_auth.c:http_webvpn_auth_accept[2939]
    WARNING: CSD is disabled by AnyConnect Essentials license.
    webvpn_session.c:http_webvpn_create_session[184]
    webvpn_session.c:http_webvpn_find_session[159]
    WebVPN session created!
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_destroy_session[1386]
    webvpn_remove_auth_handle: auth_handle = 95
    WARNING: CSD is disabled by AnyConnect Essentials license.
    WARNING: CSD is disabled by AnyConnect Essentials license.
    webvpn_portal.c:webvpn_determine_primary_username[5689]
    webvpn_portal.c:webvpn_determine_secondary_username[5758]
    webvpn_portal.c:ewaFormServe_webvpn_login[1974]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    APP_BUFFER: <option value="VPNSSL" noaaa="0" >dntsbewvpn</option>
    webvpn_free_auth_struct: net_handle = DA0C3608
    webvpn_allocate_auth_struct: net_handle = DA0C3608
    webvpn_free_auth_struct: net_handle = DA0C3608

    Dear All,
    I have found why the authentication was stop to work.
    I have lost in the config the command:
    svc image disk0:/anyconnect-win-xxxxxk9.pkg 1
    Now it works.
    Best regards,
    Igor.

  • Anyconnect ssl vpn and acl

     Hi Everyone,
    I was testing few things at my home lab.
    PC---running ssl vpn------------sw------router------------ISP--------------ASA(ssl anyconnect)
    anyconnect ssl is working fine and i am also able to access internet.
    I am using full tunnel
    i have acl on outside interface of ASA
    1
    True
    any
    any
    ip
    Deny
    0
    Default
    i know that ACL is used for traffic passing via ASA.
    I need to understand the traffic flow for access to internet via ssl vpn.?
    Regards
    MAhesh

    As you say correctly, the interface-ACL is not important for that as the VPN-traffic is not inspected by that ACL. At least not by default.
    You can control the traffic with a different ACL that gets applied to the group-policy with the "vpn-filter" command. And of course you need a NAT-rule that translates your traffic when flowing to the internet. That rule has to work on the interface-pair (outside,outside).

  • Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access

    Greetings,
    I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
    Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
    OR 
    Am I forced to put the ASA behind the filtering device somehow?

    Hi Jim,
    You can use tunnel default route for vpn traffic:
    ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
    configure mode commands/options:
      <1-255>   Distance metric for this route, default is 1
      track     Install route depending on tracked item
      tunneled  Enable the default tunnel gateway option, metric is set to 255
    This route is applicable for only vpn traffic.
    HTH,
    Shetty

  • Anyconnect SSL-VPN - DNS Lookups (external) doesn't work

    Hello,
    I have issues with my SSL AnyConnect VPN setup on my ASA 5512-x. The VPN , split tunneling and NAT exempt is working fine and i can connect to internal hosts.
    However, external or internal DNS requests doesn't work on the clients (Windows, Anyconnect). I want full split tunneling, ie DNS requests should not go through the VPN.
    The DNS requests works through NSLOOKUP but not in ping and in any browser.
    (The config, request more if i've omitted something important).
    ASA Version 8.6(1)2
    access-list vlan42-splittunneling standard permit 192.168.42.0 255.255.255.0
    ip local pool vlan42test 192.168.199.50-192.168.199.55 mask 255.255.255.0
    address-pools value vlan42test
    nat (any,any) source static any any destination static VPN-pool-range VPN-pool-range
    object network VPN-pool-range
    range 192.168.199.10 192.168.199.254
    webvpn
    enable Outside
    anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
    anyconnect enable
    group-policy vlan42-clientvpn-policy internal
    group-policy vlan42-clientvpn-policy attributes
    wins-server none
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vlan42-splittunneling
    default-domain value doesntmatter.local
    split-dns value doesntmatter.local
    vlan none
    address-pools value vlan42test
    vpn-group-policy vlan42-clientvpn-policy
    vpn-simultaneous-logins 20
    service-type remote-access
    tunnel-group vlan42-con-profile type remote-access
    tunnel-group vlan42-con-profile general-attributes
    authentication-server-group ah
    default-group-policy vlan42-clientvpn-policy
    tunnel-group vlan42-con-profile webvpn-attributes
    group-alias privatecloud42 enable
    group-url https://vpn.**.com/privatecloud42 enable
    I gladly appreciate your help. Thank you.

    I don't have experience with the ssl client and vista, but I do use the new Anyconnect SSL client with vista. All you need to do is upgrade the ASA to version 8. Hope that helps.

  • AnyConnect (SSL VPN on IoS) - Connection stuck on Android

    Hiya,
    I have an Any Connect WebVpn (ssl vpn?) set up on an IOS 15.2(4)M4. My current WebVPN is set up for Cisco Phones to use SSL VPN to connect to a Cisco Call Manager (CUCM 9.x). I also tried connecting with an Any Connect client from a PC and it seems to work fine.
    The issue is when I try to connect through an Android device, I get the following output from 'debug webvpn':
    Jan 10 16:04:17.192: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:17.192: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:17.220: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:17.224: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:17.224: WV: Entering APPL with Context: 0x242D9C30,
          Data buffer(buffer: 0x242F2930, data: 0xD9E7658, len: 0,
          offset: 0, domain: 0)
    Jan 10 16:04:17.224: WV: Fragmented App data - buffered
    Jan 10 16:04:17.224: WV: Entering APPL with Context: 0x242D9C30,
          Data buffer(buffer: 0x242F2470, data: 0xEA4D858, len: 884,
          offset: 0, domain: 0)
    tbr-edi-2901#
    Jan 10 16:04:17.224: WV: http request: / with no cookie
    Jan 10 16:04:17.224: WV: validated_tp :  cert_username :  matched_ctx :
    Jan 10 16:04:17.224: WV: failed to get sslvpn appinfo from opssl
    Jan 10 16:04:17.224: WV: Error: Failed to get vw_ctx
    Jan 10 16:04:17.224: WV: Appl. processing Failed : 2
    Jan 10 16:04:18.344: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:18.348: WV: sslvpn process rcvd context queue event
    Jan 10 16:04:18.376: WV: sslvpn process rcvd context queue event
    and then the messages in italics above keep on appearing in an endless loop.
    Any ideas what could be the issue.
    Any help is highly appreciated.
    Thanks,
    David

    Hi,
    I'm having the same issue please let me know if yo found the solution. Thanks in advance

  • SSL-VPN Anyconnect fails after rebooting 2811

    Hello all,
    I have setup an Anyconnect SSL-VPN in my 2811 and it works just great, but then after the reboot it fails.  I think it has something to do with the SSL Cert being ereased.  Here is my configuration, please let me know if you need anything else:
    ! Last configuration change at 02:03:27 CDT Thu Sep 27 2012
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    aaa new-model
    aaa session-id common
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-XXXXXXXXXX
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXX
    revocation-check none
    crypto pki certificate chain TP-self-signed-XXXXXXXXXX
    certificate self-signed 01
      3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 31363535 34343437 3534301E 170D3132 30393237 30373033
      34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36353534
      34343735 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      810096FE 9114BCED E2FA2297 CE41A6F5 73078E18 C1109993 48E2629E 78713B48
      E6EA7C79 17C8E159 C057A05B F3CAFB4D 36AE9196 AAC4A2BF 586CF144 A81E50FC
      5261BFCF 0A11064F C9F19A4C 953DFBF8 65194AD2 73100EE0 FBFE7EB6 0AD16875
      7C1C03AE B3A461E2 9837E057 E2A8AE94 F11FDA8A 98AF8107 C0D9FF14 3CF1C62E
      BE090203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
      551D2304 18301680 1425F172 BAFEAA95 A90FA3D7 A3482174 6F951194 52301D06
      03551D0E 04160414 25F172BA FEAA95A9 0FA3D7A3 4821746F 95119452 300D0609
      2A864886 F70D0101 04050003 81810064 30DCCC2D 0506EDF6 61C37B9E DF5D8F9A
      A9FE0646 FC72C3F8 A7E10E55 CE6AA592 7385931A DDFE95B7 47ED3690 2C3F8B43
      9A637526 1464D94E 3A71D235 A14C0551 70E3ED2F F51B07E3 4379E2AF CCA03416
      10DDF3E1 784D053B A9E4A624 E34BDDFB BA638658 58E30B74 55A62B02 BDC493A8
      23191E2E E4BF390B D62DAA2B 351C09
            quit
    username USERNAME privilege 15 secret 5 $1$Pc/.$y6kJb0xpe.77ciRHZTJ8A.
    ip local pool SSL-VPN 192.168.11.5 192.168.11.8
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    bvpn gateway gateway_1
    ip interface Dialer1 port 443
    ssl trustpoint SSL-VPN
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
    webvpn context SSL-VPN
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    policy group policy_1
       functions svc-enabled
       svc address-pool "SSL-VPN"
       svc default-domain "DOMAIN"
       svc keep-client-installed
       svc split include 192.168.0.0 255.255.0.0
       svc dns-server primary DNS-SERVER
    default-group-policy policy_1
    gateway gateway_1
    inservice

    Here is the bug description that matches your explaination of the issue:
    MF: HTTPS generates a new self-signed cert on reboot even if one exists
    Symptom:
    With Secure HTTP server enabled, IOS device  generates a new self-signed certificate when it reloads even if a valid  self-signed certificate already exists.
    Conditions:
    When there is no CA(Certificate Authority) provided certificate on the device
    Workaround:
    Use CA provided certificate.
    The resolution is to upgrade it to version 15.2(1)T or higher.
    Unfortunately you would need to have SmartNet contract to be able to download the software from CCO.

  • SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"

    Hi,
    Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
    some relevant config
    webvpn
    enable wan
    svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
    svc enable
    group-policy vpnpolicy1 internal
    group-policy vpnpolicy1 attributes
    vpn-tunnel-protocol svc
    tunnel-group admins type remote-access
    tunnel-group admins general-attributes
    address-pool sslpool2
    default-group-policy vpnpolicy1
    username myuser password 1234567890 encrypted privilege 15
    username myuser  attributes
    vpn-group-policy vpnpolicy1
    Debug:
    asa01# debug webvpn 255
    INFO: debug webvpn  enabled at level 255.
    asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_login_resolve_tunnel_group: tgCookie = NULL
    webvpn_login_resolve_tunnel_group: tunnel group name from default
    webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
    webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    webvpn_auth.c:http_webvpn_pre_authentication[2321]
    WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
    webvpn_add_auth_handle: auth_handle = 17
    WebVPN: started user authentication...
    webvpn_auth.c:webvpn_aaa_callback[5138]
    WebVPN: AAA status = (ACCEPT)
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
    webvpn_portal.c:webvpn_login_aaa_resuming[3093]
    webvpn_auth.c:http_webvpn_post_authentication[1485]
    WebVPN: user: (myuser) authenticated.
    webvpn_auth.c:http_webvpn_auth_accept[2938]
    webvpn_session.c:http_webvpn_create_session[184]
    WebVPN: error creating WebVPN session!
    webvpn_remove_auth_handle: auth_handle = 17
    webvpn_free_auth_struct: net_handle = CD5734D0
    webvpn_allocate_auth_struct: net_handle = CD5734D0
    webvpn_free_auth_struct: net_handle = CD5734D0

    AnyConnect says:
    "The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
    The following message was received from the secure gateway: Host or network is 0"
    Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
    ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
    asa01# debug webvpn 255
    INFO: debug webvpn  enabled at level 255.
    asa01# debug http 255
    debug http enabled at level 255.
    asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_login_resolve_tunnel_group: tgCookie = NULL
    webvpn_login_resolve_tunnel_group: tunnel group name from default
    webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
    webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
    webvpn_portal.c:http_webvpn_kill_cookie[790]
    webvpn_auth.c:http_webvpn_pre_authentication[2321]
    WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
    webvpn_add_auth_handle: auth_handle = 22
    WebVPN: started user authentication...
    webvpn_auth.c:webvpn_aaa_callback[5138]
    WebVPN: AAA status = (ACCEPT)
    webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
    webvpn_portal.c:webvpn_login_validate_net_handle[2234]
    webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
    webvpn_portal.c:webvpn_login_assign_app_next[2272]
    webvpn_portal.c:webvpn_login_cookie_check[2289]
    webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
    webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
    webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
    webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
    webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
    webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
    webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
    webvpn_portal.c:webvpn_login_check_cert_status[2733]
    webvpn_portal.c:webvpn_login_cert_only[2774]
    webvpn_portal.c:webvpn_login_primary_username[2796]
    webvpn_portal.c:webvpn_login_primary_password[2878]
    webvpn_portal.c:webvpn_login_secondary_username[2910]
    webvpn_portal.c:webvpn_login_secondary_password[2988]
    webvpn_portal.c:webvpn_login_extra_password[3021]
    webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
    webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
    webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
    webvpn_portal.c:webvpn_login_aaa_resuming[3093]
    webvpn_auth.c:http_webvpn_post_authentication[1485]
    WebVPN: user: (myuser) authenticated.
    webvpn_auth.c:http_webvpn_auth_accept[2938]
    HTTP: net_handle->standalone_client [0]
    webvpn_session.c:http_webvpn_create_session[184]
    webvpn_session.c:http_webvpn_find_session[159]
    WebVPN session created!
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_remove_auth_handle: auth_handle = 22
    webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_allocate_auth_struct: net_handle = CE9C3208
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_allocate_auth_struct: net_handle = CE9C3208
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_allocate_auth_struct: net_handle = CE9C3208
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_allocate_auth_struct: net_handle = CE9C3208
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_allocate_auth_struct: net_handle = CE9C3208
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C3208
    webvpn_allocate_auth_struct: net_handle = CE863DE8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE863DE8
    webvpn_allocate_auth_struct: net_handle = CE863DE8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE863DE8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE863DE8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE863DE8
    webvpn_allocate_auth_struct: net_handle = CE863DE8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE863DE8
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C32C8
    HTTP: Periodic admin session check  (idle-timeout = 1200, session-timeout = 0)
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    webvpn_auth.c:webvpn_auth[581]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    WebVPN: session has been authenticated.
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_allocate_auth_struct: net_handle = CE9C32C8
    ewsStringSearch: no buffer
    Close 0
    webvpn_free_auth_struct: net_handle = CE9C32C8
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_allocate_auth_struct: net_handle = CC894AA8
    webvpn_session.c:http_webvpn_find_session[159]
    webvpn_session.c:webvpn_update_idle_time[1463]
    Close 1043041832
    webvpn_free_auth_struct: net_handle = CC894AA8

  • Cisco ASA 5505 SSL VPN

    Hi Everyone,
    In my study home lab, I wanted to configure a cisco ASA 5505 ( Base license) to allow SSL VPN. I follow carefully the configuration procedure as instructed on a short videos I downloaded on youtube.
    I configured my outside e0/0 with a valid static IP address, unfortunately the vpn connection is timeout on a remote ( different) internet connection. But if  I connect to my own internet line using a WIFI the VPN ( AnyConnect SSL VPN client ) connection is established.
    I need help to solve this mystery. Please find attached the ASA config: #show run
    I hope my explaination does make sense, if not accept my apology I am just new in cisco technology.
    Best regards,
    BEN

    If you can connect with your own internet line, then most probably it's not an issue with the ASA configuration.
    I would check how you are routing the ASA to the internet, and if there is any ACL that might be blocking inbound access to the ASA on the device in front of the ASA.

  • No SSL VPN tunnel from AnyConnect to IOS

    Dear all
    Due to the annoying WWAN issues with the old Cisco VPN client (IPsec) I am trying to establish remote access to a LAN behind a Cisco 1803 using Anyconnect and SSL VPN.
    But I simply cannot make it work.
    I have a Cisco 1803 running IOS Version 12.4(15)T15 and I have tried Anyconnect 3.0 and 2.4 on Windows XP and MacOS 10.5, none of them established a VPN connection to the router, saying not a single word more but "Connection attempt has failed".
    Here is my configuration on the router:
    crypto pki trustpoint TP-self-signed-595019360
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-595019360
    revocation-check none
    rsakeypair TP-self-signed-595019360
    crypto pki certificate chain TP-self-signed-595019360
    certificate self-signed 01
      3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    [......skipped....]
    interface Loopback123
    ip address 192.168.123.254 255.255.255.0
    ip local pool GS-POOL 192.168.123.1 192.168.123.10
    webvpn gateway GS-GW
    hostname GS-VPN-test
    ip address x.x.x.x port 443
    ssl trustpoint TP-self-signed-595019360
    inservice
    webvpn install svc flash:/webvpn/svc.pkg
    webvpn context GS-CONTEXT
    ssl authenticate verify all
    policy group GS-POLICY
       functions svc-required
       svc address-pool "GS-POOL"
    default-group-policy GS-POLICY
    gateway GS-GW
    inservice
    These are my debug settings:
    #sh debug
    WebVPN Subsystem:
      WebVPN (verbose) debugging is on
      debug webvpn entry GS-CONTEXT
      WebVPN HTTP (verbose) debugging is on
      WebVPN AAA debugging is on
      WebVPN tunnel (verbose) debugging is on
      WebVPN Single Sign On debugging is on
    And these are all debug messages I get upon incoming connection:
    Sep 13 13:12:03.267 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:12:03.271 MEST: WV: sslvpn process rcvd context queue event
    At this poibnt I have to accept the self-sigbned certificate in the AnyConnect client. Doing so repeats these messages again five times. Then I hav to accept the certificate in the client a second time (WHY?) Then the router gives these messages:
    Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:10.766 MEST: WV: http request: / with no cookie
    Sep 13 13:14:10.766 MEST: WV-HTTP: Deallocating HTTP info
    Sep 13 13:14:10.766 MEST: WV: Client side Chunk data written..
    buffer=0x84E54AA0 total_len=191 bytes=191 tcb=0x85066820
    Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.050 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.054 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.366 MEST: WV: sslvpn process rcvd context queue event
    Sep 13 13:14:11.366 MEST: WV: http request: /webvpn.html with domain cookie
    Sep 13 13:14:11.366 MEST: WV-HTTP: Deallocating HTTP info
    Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
    buffer=0x84E54AA0 total_len=1009 bytes=1009 tcb=0x83DABBF4
    Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
    buffer=0x84E54A80 total_len=1009 bytes=1009 tcb=0x83DABBF4
    Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
    buffer=0x84E54A60 total_len=1009 bytes=1009 tcb=0x83DABBF4
    Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
    buffer=0x84E54A40 total_len=1009 bytes=1009 tcb=0x83DABBF4
    Sep 13 13:14:11.370 MEST: WV: Client side Chunk data written..
    buffer=0x84E54A20 total_len=641 bytes=641 tcb=0x83DABBF4
    Sep 13 13:14:11.370 MEST: WV: sslvpn process rcvd context queue event
    At this point the Anyconnect client says "Connection attempt failed" and that's all.
    So please, any advice how to solve this?
    And do I have to install any particular svc.pkg in the flash? As far as I have found out you can install only one client package (how do you server different clients then?). But if I use permanently installed AnyConnect on my client system the installed svc.pkg on the router doesn't matter at all, right?
    Thanks a lot for any suggestions,
    Grischa

    Some more restrictions:
    12.4(15)T does not support Anyconnect in standalone mode, only web-launch (i.e. starting AC from the clientless portal). You need 12.4(20)T or later for standalone mode.
    In addition with an untrusted certificate you will run into this bug which is not resolved in 12.4(15)T:
    CSCtb73337    AnyConnect does not work with IOS if cert not trusted/name mismatch
    In short, if it's possible to upgrade, go to 15.0(1)M7  (or latest 12.4(24)Tx if 15.0 is out of the question)
    If you're stuck with 12.4(15)T,  only use AC 2.x with weblaunch and make sure the host trusts the router's certificate (create a trustpoint, enroll it, import the certificate on the client into the trusted root store).
    hth
    Herbert

  • Anyconnect & WebVPN for ssl vpn

    I already have anyconnect running in my network, planning to use Webvpn also to let specific users access the web based applications via webvpn( i believe for this they just have to put in the url and they would be prompted by SSL VPN's login page).
    I followed some cisco documents but my ASA doesnt show any webvpn option on the left side pane.
    Please help to set this up
    Thanks.

    Hi Sunny,
    I attached our test config of the WebVPN of confirmed work for your reference.
    HTH
    Tomoyuki

  • Works windows mobile with SSL VPN and anyconnect

    Hello,
    do anyone know if the following OS works with ASA 8.x SSL VPN client ,SSL clientless VPN and anyconnect client and Secure Desktop :
    windows mobile 5.0 Premium phone edition
    windows mobile 6.0
    windows embedded CE,Net
    windows mobile 2003
    Thank you for your help
    Michael

    [url=http://fztodds.24fast.info/washington225.html] washington [/url]
    [url=http://fztodds.24fast.info/washington16e.html] washington [/url]
    [url=http://fztodds.24fast.info/washingtond66.html] washington [/url]
    [url=http://fztodds.24fast.info/washington4e0.html] washington [/url]
    [url=http://fztodds.24fast.info/washington00b.html] washington [/url]
    [url=http://fztodds.24fast.info/washington1e7.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washington0a8.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washington9de.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washingtone4a.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washington4ec.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washington184.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washingtonb73.html] washington [/url]
    [url=http://ioinlfu.zotzoo.com/washington853.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washington1a5.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washingtonde7.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washington2b8.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washington902.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washingtonc99.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washingtoncc7.html] washington [/url]
    [url=http://ygkbfvp.wipou.com/washington598.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washingtonbe2.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washingtone9b.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washington4e0.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washington327.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washingtonada.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washingtond2b.html] washington [/url]
    [url=http://yfldvbz.webheri.net/washington317.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washington7cb.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washingtoneaf.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washington259.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washington8e0.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washingtonc03.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washington092.html] washington [/url]
    [url=http://odwjneh.yourfreehosting.net/washington79c.html] washington [/url]
    [url=http://aeaukol.rack111.com/washington766.html] washington [/url]
    [url=http://aeaukol.rack111.com/washingtona2e.html] washington [/url]
    [url=http://aeaukol.rack111.com/washington4c4.html] washington [/url]
    [url=http://aeaukol.rack111.com/washingtonb9f.html] washington [/url]
    [url=http://aeaukol.rack111.com/washingtond3a.html] washington [/url]
    [url=http://aeaukol.rack111.com/washington54a.html] washington [/url]
    [url=http://aeaukol.rack111.com/washington777.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washington300.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washington239.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washington7b4.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washingtonad5.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washingtone03.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washington399.html] washington [/url]
    [url=http://uhbayoe.hostrator.com/washington9e9.html] washington [/url]
    [url=http://ggaubio.hostevo.com/washington878.html] washington [/url]
    [url=http://ggaubio.hostevo.com/washington525.html] washington [/url]

Maybe you are looking for

  • F110 : why 4 copies of Check Form ?

    Hi SAP Experts, When i have carried out an Automatic payment (Tcode F110) the system print me 4 copies of my Chech Form, Knowing that i want only one copy !!?? Please how to tell to the system that i want one copy of this check form ? Thanks in Advan

  • What video files are supposed to work on an ipod classic?

    I just downloaded a youtube video which I wanted to play on my ipod classic.  The downloader gave me a number of file conversion options for it, and claimed that mp4 was the format for an ipod. (This is the first time I've tried to put a video on it,

  • Can't merge channels

    I am new to Photoshop CS5.  I am trying to merge 3 8-bit grayscale images of exactly the same size.  I'm trying to follow the instructions below, but the "Merge Channels" option remains grayed out.  I have no idea what to try next, i have struggled w

  • Air gesture is not working...

    I just purchased a Galaxy Note 3 and I was excited about the opportunity to use the gestures I'd heard so much about, however that doesn't seem to work on my phone. Under Settings I have all Motion Control commands set to ON but the Air Gesture icon

  • Duplicate error for Abstract WSDL and Concrete WSDL

    Hi, I am trying to consume a webservice from ABCS Provider. Here is what I have done: 1. Loaded target webservice wsdl into MDS by removing it's wsdl:service element. 2. Created a composite with a partnerlink referring to MDS wsdl. 3. Added binding.w