Anyconnect SSL VPN States Contacting...
I had my ssl vpn working and now the anyconnect client that I downloaded just says Contacting... It will not give me an error at all. If I use the Anyconnect App on my droid phone it says "Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." I previously had the droid app work as well and I have made no changes to the VPN configuration. Here is my config and version numbers:
anyconnect-win-2.5.2014-k9.pkg
c2800nm-adventerprisek9-mz.151-4.M5.bin
webvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "SSL-VPN" netmask 255.255.255.0
svc default-domain "<DOMAIN>"
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary <IP>
default-group-policy policy_1
gateway gateway_1
inservice
Any suggestions would be greatly appriciated.
I had my ssl vpn working and now the anyconnect client that I downloaded just says Contacting... It will not give me an error at all. If I use the Anyconnect App on my droid phone it says "Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." I previously had the droid app work as well and I have made no changes to the VPN configuration. Here is my config and version numbers:
anyconnect-win-2.5.2014-k9.pkg
c2800nm-adventerprisek9-mz.151-4.M5.bin
webvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "SSL-VPN" netmask 255.255.255.0
svc default-domain "<DOMAIN>"
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary <IP>
default-group-policy policy_1
gateway gateway_1
inservice
Any suggestions would be greatly appriciated.
Similar Messages
-
ASA5520 AnyConnect SSL VPN Connected but unable to ping my inside LAN
Hi there, please forgive if I have missed any forum protocols as this is my first post.
I am trying to configure Anyconnect SSL VPN. I am able to connect to the VPN on a laptop, witch is able to download the anyconnect client from the ASA. I am unable to ping any of my IP's that are on the inside of my ASA. Before posting here I have spent many hours on forums and watching videos on anyconnect SSL VPN creation and I am following it to the T but still no ping. Any help would be very much appreciated.
Inside 192.168.1.254/24
Outside dhcp
VPN Pool 192.168.250.1-50/24
Inside LAN 192.168.1.0/24
: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.128
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,any) source static any any destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4433
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_anyconnect internal
group-policy GroupPolicy_anyconnect attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username test password JAasdf434ey521ZCT encrypted privilege 15
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool vpn_pool
default-group-policy GroupPolicy_anyconnect
tunnel-group anyconnect webvpn-attributes
group-alias anyconnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:24bcba3c4124ab371297d52260135924
: end :: Saved
ASA Version 8.4(4)1
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif inside
security-level 99
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 99
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name dock.local
same-security-traffic permit inter-interface
object network inside-network-object
subnet 192.168.1.0 255.255.255.0
object network management-network-object
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.250.0_25
subnet 192.168.250.0 255.255.255.0
object-group network AllInside-networks
network-object object inside-network-object
network-object object management-network-object
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool Anyconnect-pool 192.168.250.1-192.168.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic AllInside-networks interface
nat (inside,outside) source static inside-network-object inside-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
nat (inside,outside) source static management-network-object management-network-object destination static NETWORK_OBJ_192.168.250.0_25 NETWORK_OBJ_192.168.250.0_25
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.100.2 255.255.255.255 management
http 192.168.100.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_Anyconnect_VPN internal
group-policy GroupPolicy_Anyconnect_VPN attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
split-tunnel-network-list value split_tunnel
default-domain value dock.local
username sander password f/J.5nLef/EqyPfy encrypted
username aveha password JA8X3IiqPvFFsZCT encrypted privilege 15
tunnel-group Anyconnect_VPN type remote-access
tunnel-group Anyconnect_VPN general-attributes
address-pool Anyconnect-pool
default-group-policy GroupPolicy_Anyconnect_VPN
tunnel-group Anyconnect_VPN webvpn-attributes
group-alias Anyconnect_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4636fa566ffc11b0f7858b760d974dee
: end: -
AnyConnect SSL VPN Vista split-tunneling
I recently setup an ASA5510 with 8.0fw with the AnyConnect SSL VPN Client.
Connecting to the SSL VPN works perfectly from all the XP computers that I have tested from. No problems there. However when on Vista, split-tunneling does not seem to function properly. Everything connects and works fine, and I can get to the defined secured remote nets, however I can't access anything out my default gateway(un-secured traffic). It seems like it might be a problem with Vista security features. When I try to ping out to any outside host, I get:
PING: transmit failed, error code 1231.
I can actually ping my default gateway, but nothing gets routed past it without the above error. I've also confirmed this several Vista installations, with Administrator + UAC disabled. Anyone else?I have done the same testing, and on both Vista 32bit and 64Bit the split tunneling does not seem to work. Also I found that this is a "known" bug
From the Release Notes::
AnyConnect Split-tunneling Does Not Work on Windows Vista - AnyConnect split-tunneling works correctly with Windows XP and Windows 2000 (CSCsi82315)
I am happy that 64Bit works but will hold off on roll out until split-tunneling is fixed.
Cassidy -
Cisco ASA 5505 AnyConnect SSL VPN problem
Hi!
I have a small network, wiht ASA 5505, 8.4:
Inside network: 192.168.2.0/24
Outside: Static IP
I would like to deploy a SSL AnyConnect setup.
The state:
-I give the correct IP from my predefined VPN pool (10.10.10.0/24).
But, could not reach any resource, could not ping too. My host has given 10.10.10.1 IP, and I had a GW: 10.10.10.2. Where is this GW from?
Could you help me?
Here is my config (I omitted my PUBLIC IP, and GW):
Result of the command: "show running-config"
: Saved
ASA Version 8.4(4)1
hostname valamiASA
domain-name valami.local
enable password OeyyCrIqfUEmzen8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 12
interface Vlan1
description LAN
no forward interface Vlan12
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
description WAN
nameif outside
security-level 0
ip address MY_STATIC_IP 255.255.255.248
interface Vlan12
description Vendegeknek a valamiHotSpot WiFi-hez
nameif guest
security-level 100
ip address 192.168.4.1 255.255.255.0
management-only
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup guest
dns server-group DefaultDNS
name-server 62.112.192.4
name-server 195.70.35.66
domain-name valami.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-net
subnet 192.168.2.0 255.255.255.0
object network guest-net
subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.128_25
subnet 192.168.2.128 255.255.255.128
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
object network inside-net
nat (inside,outside) dynamic interface
object network guest-net
nat (guest,outside) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa local authentication attempts max-fail 16
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable inside
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_valami_VPN internal
group-policy GroupPolicy_valami_VPN attributes
wins-server value 192.168.2.2
dns-server value 192.168.2.2
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall
default-domain value valami.local
webvpn
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect ask enable default anyconnect timeout 30
customization none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group valami_VPN type remote-access
tunnel-group valami_VPN general-attributes
address-pool valami_vpn_pool
default-group-policy GroupPolicy_valami_VPN
tunnel-group valami_VPN webvpn-attributes
group-alias valami_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:d54de340bb6794d90a9ee52c69044753
: endFirst of all thanks your link.
I know your notes, but i don't understand 1 thing:
if i check nat exemption in the anyconnect wizad, why should i make nat exemption rule?
A tried creating a roule, but it is wrong.
My steps (on ASDM):
1: create network object (10.10.10.0/24), named VPN
2: create nat rule: source any, destination VPN, protocol any
Here is my config:
Result of the command: "show running-config"
: Saved
ASA Version 8.4(4)1
hostname companyASA
domain-name company.local
enable password OeyyCrIqfUEmzen8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 12
interface Vlan1
description LAN
no forward interface Vlan12
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
description WAN
nameif outside
security-level 0
ip address 77.111.103.106 255.255.255.248
interface Vlan12
description Vendegeknek a companyHotSpot WiFi-hez
nameif guest
security-level 100
ip address 192.168.4.1 255.255.255.0
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup guest
dns server-group DefaultDNS
name-server 62.112.192.4
name-server 195.70.35.66
domain-name company.local
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-net
subnet 192.168.2.0 255.255.255.0
object network guest-net
subnet 192.168.3.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.128_25
subnet 192.168.2.128 255.255.255.128
object network WEBSHOP
host 192.168.2.2
object network INSIDE_HOST
host 10.100.130.5
object network VOIP_management
host 192.168.2.215
object network Dev_1
host 192.168.2.2
object network Dev_2
host 192.168.2.2
object network RDP
host 192.168.2.2
object network Mediasa
host 192.168.2.17
object network VOIP_ePhone
host 192.168.2.215
object network NETWORK_OBJ_192.168.4.0_28
subnet 192.168.4.0 255.255.255.240
object network NETWORK_OBJ_10.10.10.8_29
subnet 10.10.10.8 255.255.255.248
object network VPN
subnet 10.10.10.0 255.255.255.0
object network VPN-internet
subnet 10.10.10.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool company_vpn_pool 10.10.10.10-10.10.10.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (any,any) source static any any destination static VPN VPN
nat (inside,outside) source static inside-net inside-net destination static VPN VPN
object network inside-net
nat (inside,outside) dynamic interface
object network guest-net
nat (guest,outside) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa local authentication attempts max-fail 16
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable inside
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_company_VPN internal
group-policy GroupPolicy_company_VPN attributes
wins-server value 192.168.2.2
dns-server value 192.168.2.2
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelall
default-domain value company.local
webvpn
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect ask enable default anyconnect timeout 30
customization none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
group-policy GroupPolicy_VPN internal
group-policy GroupPolicy_VPN attributes
wins-server none
dns-server value 62.112.192.4 195.70.35.66
vpn-tunnel-protocol ssl-client
default-domain value company.local
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group company_VPN type remote-access
tunnel-group company_VPN general-attributes
address-pool company_vpn_pool
default-group-policy GroupPolicy_company_VPN
tunnel-group company_VPN webvpn-attributes
group-alias company_VPN enable
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool company_vpn_pool
default-group-policy GroupPolicy_VPN
tunnel-group VPN webvpn-attributes
group-alias VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:33ee37a3722f228f9be9b84ef43f731e
: end
Could you give me a CLI-code?
(or ASDM steps). -
Anyconnect SSL VPN Authentication Feilure
Dear All,
I have configured an Asa 5510 as SSL vpn gataway ver 8.2(4) Anyconnect Essential. The clients are authenticated via Radius and OTP password.
All work well since yesterday. When I have did same configuration changes. My objective was has that the clients accept the self signed certificate issued by the Asa whitout give the warning about the private cert.
So I have try to generaste a new certificate with FQDN equal to myasa.mydomain.com and also a CN=myasa
Then I have change the provile XML file of my anyconnect in this way:
<HostEntry>
<HostName>myasa</HostName>
<HostAddress>xxx.xxx.xxx.xxx</HostAddress>
<PrimaryProtocol>SSL</PrimaryProtocol>
Then I installed the certificate on my Win7 Pc in the Trusted Root Certification Authority.
The result of all my changes is that now the login fail! Someone could help me pls?
webvpn_allocate_auth_struct: net_handle = DA0C3608
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from group list
webvpn_login_resolve_tunnel_group: TG_BUFFER = VPNSSL
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-636397680) and nh (-636733944)!
webvpn_add_auth_handle: auth_handle = 95
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5163]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = VPNSSL
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 1
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: ([email protected]) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2939]
WARNING: CSD is disabled by AnyConnect Essentials license.
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_destroy_session[1386]
webvpn_remove_auth_handle: auth_handle = 95
WARNING: CSD is disabled by AnyConnect Essentials license.
WARNING: CSD is disabled by AnyConnect Essentials license.
webvpn_portal.c:webvpn_determine_primary_username[5689]
webvpn_portal.c:webvpn_determine_secondary_username[5758]
webvpn_portal.c:ewaFormServe_webvpn_login[1974]
webvpn_portal.c:http_webvpn_kill_cookie[790]
APP_BUFFER: <option value="VPNSSL" noaaa="0" >dntsbewvpn</option>
webvpn_free_auth_struct: net_handle = DA0C3608
webvpn_allocate_auth_struct: net_handle = DA0C3608
webvpn_free_auth_struct: net_handle = DA0C3608Dear All,
I have found why the authentication was stop to work.
I have lost in the config the command:
svc image disk0:/anyconnect-win-xxxxxk9.pkg 1
Now it works.
Best regards,
Igor. -
Hi Everyone,
I was testing few things at my home lab.
PC---running ssl vpn------------sw------router------------ISP--------------ASA(ssl anyconnect)
anyconnect ssl is working fine and i am also able to access internet.
I am using full tunnel
i have acl on outside interface of ASA
1
True
any
any
ip
Deny
0
Default
i know that ACL is used for traffic passing via ASA.
I need to understand the traffic flow for access to internet via ssl vpn.?
Regards
MAheshAs you say correctly, the interface-ACL is not important for that as the VPN-traffic is not inspected by that ACL. At least not by default.
You can control the traffic with a different ACL that gets applied to the group-policy with the "vpn-filter" command. And of course you need a NAT-rule that translates your traffic when flowing to the internet. That rule has to work on the interface-pair (outside,outside). -
Cisco AnyConnect SSL VPN no split tunnel and no hairpinning internet access
Greetings,
I am looking to configure a Cisco ASA 5515X for Cisco AnyConnect Essentials SSL VPN where ALL SSL-VPN traffic is tunneled, no split tunneling or hairpinning on the outside interface. However users require internet access. I need to route traffic out the "trusted" or "inside" interface to another device that performs content-filtering and inspection which then egresses out to the internet from there. Typically this could be done using a route-map (which ASA's do not support) or with a VRF (again, not an option on the ASA). The default route points to the outside interface toward the internet.
Is there no other method to force all my SSL-VPN traffic out the inside interface toward LAN subnets as needed and have another default route point toward the filtering device?
OR
Am I forced to put the ASA behind the filtering device somehow?Hi Jim,
You can use tunnel default route for vpn traffic:
ASA(config)# route inside 0.0.0.0 0.0.0.0 <inside hop> tunneled
configure mode commands/options:
<1-255> Distance metric for this route, default is 1
track Install route depending on tracked item
tunneled Enable the default tunnel gateway option, metric is set to 255
This route is applicable for only vpn traffic.
HTH,
Shetty -
Anyconnect SSL-VPN - DNS Lookups (external) doesn't work
Hello,
I have issues with my SSL AnyConnect VPN setup on my ASA 5512-x. The VPN , split tunneling and NAT exempt is working fine and i can connect to internal hosts.
However, external or internal DNS requests doesn't work on the clients (Windows, Anyconnect). I want full split tunneling, ie DNS requests should not go through the VPN.
The DNS requests works through NSLOOKUP but not in ping and in any browser.
(The config, request more if i've omitted something important).
ASA Version 8.6(1)2
access-list vlan42-splittunneling standard permit 192.168.42.0 255.255.255.0
ip local pool vlan42test 192.168.199.50-192.168.199.55 mask 255.255.255.0
address-pools value vlan42test
nat (any,any) source static any any destination static VPN-pool-range VPN-pool-range
object network VPN-pool-range
range 192.168.199.10 192.168.199.254
webvpn
enable Outside
anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
anyconnect enable
group-policy vlan42-clientvpn-policy internal
group-policy vlan42-clientvpn-policy attributes
wins-server none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vlan42-splittunneling
default-domain value doesntmatter.local
split-dns value doesntmatter.local
vlan none
address-pools value vlan42test
vpn-group-policy vlan42-clientvpn-policy
vpn-simultaneous-logins 20
service-type remote-access
tunnel-group vlan42-con-profile type remote-access
tunnel-group vlan42-con-profile general-attributes
authentication-server-group ah
default-group-policy vlan42-clientvpn-policy
tunnel-group vlan42-con-profile webvpn-attributes
group-alias privatecloud42 enable
group-url https://vpn.**.com/privatecloud42 enable
I gladly appreciate your help. Thank you.I don't have experience with the ssl client and vista, but I do use the new Anyconnect SSL client with vista. All you need to do is upgrade the ASA to version 8. Hope that helps.
-
AnyConnect (SSL VPN on IoS) - Connection stuck on Android
Hiya,
I have an Any Connect WebVpn (ssl vpn?) set up on an IOS 15.2(4)M4. My current WebVPN is set up for Cisco Phones to use SSL VPN to connect to a Cisco Call Manager (CUCM 9.x). I also tried connecting with an Any Connect client from a PC and it seems to work fine.
The issue is when I try to connect through an Android device, I get the following output from 'debug webvpn':
Jan 10 16:04:17.192: WV: sslvpn process rcvd context queue event
Jan 10 16:04:17.192: WV: sslvpn process rcvd context queue event
Jan 10 16:04:17.220: WV: sslvpn process rcvd context queue event
Jan 10 16:04:17.224: WV: sslvpn process rcvd context queue event
Jan 10 16:04:17.224: WV: Entering APPL with Context: 0x242D9C30,
Data buffer(buffer: 0x242F2930, data: 0xD9E7658, len: 0,
offset: 0, domain: 0)
Jan 10 16:04:17.224: WV: Fragmented App data - buffered
Jan 10 16:04:17.224: WV: Entering APPL with Context: 0x242D9C30,
Data buffer(buffer: 0x242F2470, data: 0xEA4D858, len: 884,
offset: 0, domain: 0)
tbr-edi-2901#
Jan 10 16:04:17.224: WV: http request: / with no cookie
Jan 10 16:04:17.224: WV: validated_tp : cert_username : matched_ctx :
Jan 10 16:04:17.224: WV: failed to get sslvpn appinfo from opssl
Jan 10 16:04:17.224: WV: Error: Failed to get vw_ctx
Jan 10 16:04:17.224: WV: Appl. processing Failed : 2
Jan 10 16:04:18.344: WV: sslvpn process rcvd context queue event
Jan 10 16:04:18.348: WV: sslvpn process rcvd context queue event
Jan 10 16:04:18.376: WV: sslvpn process rcvd context queue event
and then the messages in italics above keep on appearing in an endless loop.
Any ideas what could be the issue.
Any help is highly appreciated.
Thanks,
DavidHi,
I'm having the same issue please let me know if yo found the solution. Thanks in advance -
SSL-VPN Anyconnect fails after rebooting 2811
Hello all,
I have setup an Anyconnect SSL-VPN in my 2811 and it works just great, but then after the reboot it fails. I think it has something to do with the SSL Cert being ereased. Here is my configuration, please let me know if you need anything else:
! Last configuration change at 02:03:27 CDT Thu Sep 27 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
aaa new-model
aaa session-id common
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-XXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXX
revocation-check none
crypto pki certificate chain TP-self-signed-XXXXXXXXXX
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363535 34343437 3534301E 170D3132 30393237 30373033
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36353534
34343735 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
810096FE 9114BCED E2FA2297 CE41A6F5 73078E18 C1109993 48E2629E 78713B48
E6EA7C79 17C8E159 C057A05B F3CAFB4D 36AE9196 AAC4A2BF 586CF144 A81E50FC
5261BFCF 0A11064F C9F19A4C 953DFBF8 65194AD2 73100EE0 FBFE7EB6 0AD16875
7C1C03AE B3A461E2 9837E057 E2A8AE94 F11FDA8A 98AF8107 C0D9FF14 3CF1C62E
BE090203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1425F172 BAFEAA95 A90FA3D7 A3482174 6F951194 52301D06
03551D0E 04160414 25F172BA FEAA95A9 0FA3D7A3 4821746F 95119452 300D0609
2A864886 F70D0101 04050003 81810064 30DCCC2D 0506EDF6 61C37B9E DF5D8F9A
A9FE0646 FC72C3F8 A7E10E55 CE6AA592 7385931A DDFE95B7 47ED3690 2C3F8B43
9A637526 1464D94E 3A71D235 A14C0551 70E3ED2F F51B07E3 4379E2AF CCA03416
10DDF3E1 784D053B A9E4A624 E34BDDFB BA638658 58E30B74 55A62B02 BDC493A8
23191E2E E4BF390B D62DAA2B 351C09
quit
username USERNAME privilege 15 secret 5 $1$Pc/.$y6kJb0xpe.77ciRHZTJ8A.
ip local pool SSL-VPN 192.168.11.5 192.168.11.8
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
bvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "SSL-VPN"
svc default-domain "DOMAIN"
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary DNS-SERVER
default-group-policy policy_1
gateway gateway_1
inserviceHere is the bug description that matches your explaination of the issue:
MF: HTTPS generates a new self-signed cert on reboot even if one exists
Symptom:
With Secure HTTP server enabled, IOS device generates a new self-signed certificate when it reloads even if a valid self-signed certificate already exists.
Conditions:
When there is no CA(Certificate Authority) provided certificate on the device
Workaround:
Use CA provided certificate.
The resolution is to upgrade it to version 15.2(1)T or higher.
Unfortunately you would need to have SmartNet contract to be able to download the software from CCO. -
SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"
Hi,
Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
some relevant config
webvpn
enable wan
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy vpnpolicy1 internal
group-policy vpnpolicy1 attributes
vpn-tunnel-protocol svc
tunnel-group admins type remote-access
tunnel-group admins general-attributes
address-pool sslpool2
default-group-policy vpnpolicy1
username myuser password 1234567890 encrypted privilege 15
username myuser attributes
vpn-group-policy vpnpolicy1
Debug:
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
webvpn_add_auth_handle: auth_handle = 17
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
webvpn_session.c:http_webvpn_create_session[184]
WebVPN: error creating WebVPN session!
webvpn_remove_auth_handle: auth_handle = 17
webvpn_free_auth_struct: net_handle = CD5734D0
webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_free_auth_struct: net_handle = CD5734D0AnyConnect says:
"The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the secure gateway: Host or network is 0"
Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# debug http 255
debug http enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
webvpn_add_auth_handle: auth_handle = 22
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
HTTP: net_handle->standalone_client [0]
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_remove_auth_handle: auth_handle = 22
webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CC894AA8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
Close 1043041832
webvpn_free_auth_struct: net_handle = CC894AA8 -
Hi Everyone,
In my study home lab, I wanted to configure a cisco ASA 5505 ( Base license) to allow SSL VPN. I follow carefully the configuration procedure as instructed on a short videos I downloaded on youtube.
I configured my outside e0/0 with a valid static IP address, unfortunately the vpn connection is timeout on a remote ( different) internet connection. But if I connect to my own internet line using a WIFI the VPN ( AnyConnect SSL VPN client ) connection is established.
I need help to solve this mystery. Please find attached the ASA config: #show run
I hope my explaination does make sense, if not accept my apology I am just new in cisco technology.
Best regards,
BENIf you can connect with your own internet line, then most probably it's not an issue with the ASA configuration.
I would check how you are routing the ASA to the internet, and if there is any ACL that might be blocking inbound access to the ASA on the device in front of the ASA. -
No SSL VPN tunnel from AnyConnect to IOS
Dear all
Due to the annoying WWAN issues with the old Cisco VPN client (IPsec) I am trying to establish remote access to a LAN behind a Cisco 1803 using Anyconnect and SSL VPN.
But I simply cannot make it work.
I have a Cisco 1803 running IOS Version 12.4(15)T15 and I have tried Anyconnect 3.0 and 2.4 on Windows XP and MacOS 10.5, none of them established a VPN connection to the router, saying not a single word more but "Connection attempt has failed".
Here is my configuration on the router:
crypto pki trustpoint TP-self-signed-595019360
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-595019360
revocation-check none
rsakeypair TP-self-signed-595019360
crypto pki certificate chain TP-self-signed-595019360
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
[......skipped....]
interface Loopback123
ip address 192.168.123.254 255.255.255.0
ip local pool GS-POOL 192.168.123.1 192.168.123.10
webvpn gateway GS-GW
hostname GS-VPN-test
ip address x.x.x.x port 443
ssl trustpoint TP-self-signed-595019360
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context GS-CONTEXT
ssl authenticate verify all
policy group GS-POLICY
functions svc-required
svc address-pool "GS-POOL"
default-group-policy GS-POLICY
gateway GS-GW
inservice
These are my debug settings:
#sh debug
WebVPN Subsystem:
WebVPN (verbose) debugging is on
debug webvpn entry GS-CONTEXT
WebVPN HTTP (verbose) debugging is on
WebVPN AAA debugging is on
WebVPN tunnel (verbose) debugging is on
WebVPN Single Sign On debugging is on
And these are all debug messages I get upon incoming connection:
Sep 13 13:12:03.267 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:12:03.271 MEST: WV: sslvpn process rcvd context queue event
At this poibnt I have to accept the self-sigbned certificate in the AnyConnect client. Doing so repeats these messages again five times. Then I hav to accept the certificate in the client a second time (WHY?) Then the router gives these messages:
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: http request: / with no cookie
Sep 13 13:14:10.766 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:10.766 MEST: WV: Client side Chunk data written..
buffer=0x84E54AA0 total_len=191 bytes=191 tcb=0x85066820
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.050 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.054 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: http request: /webvpn.html with domain cookie
Sep 13 13:14:11.366 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54AA0 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A80 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A60 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A40 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: Client side Chunk data written..
buffer=0x84E54A20 total_len=641 bytes=641 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: sslvpn process rcvd context queue event
At this point the Anyconnect client says "Connection attempt failed" and that's all.
So please, any advice how to solve this?
And do I have to install any particular svc.pkg in the flash? As far as I have found out you can install only one client package (how do you server different clients then?). But if I use permanently installed AnyConnect on my client system the installed svc.pkg on the router doesn't matter at all, right?
Thanks a lot for any suggestions,
GrischaSome more restrictions:
12.4(15)T does not support Anyconnect in standalone mode, only web-launch (i.e. starting AC from the clientless portal). You need 12.4(20)T or later for standalone mode.
In addition with an untrusted certificate you will run into this bug which is not resolved in 12.4(15)T:
CSCtb73337 AnyConnect does not work with IOS if cert not trusted/name mismatch
In short, if it's possible to upgrade, go to 15.0(1)M7 (or latest 12.4(24)Tx if 15.0 is out of the question)
If you're stuck with 12.4(15)T, only use AC 2.x with weblaunch and make sure the host trusts the router's certificate (create a trustpoint, enroll it, import the certificate on the client into the trusted root store).
hth
Herbert -
Anyconnect & WebVPN for ssl vpn
I already have anyconnect running in my network, planning to use Webvpn also to let specific users access the web based applications via webvpn( i believe for this they just have to put in the url and they would be prompted by SSL VPN's login page).
I followed some cisco documents but my ASA doesnt show any webvpn option on the left side pane.
Please help to set this up
Thanks.Hi Sunny,
I attached our test config of the WebVPN of confirmed work for your reference.
HTH
Tomoyuki -
Works windows mobile with SSL VPN and anyconnect
Hello,
do anyone know if the following OS works with ASA 8.x SSL VPN client ,SSL clientless VPN and anyconnect client and Secure Desktop :
windows mobile 5.0 Premium phone edition
windows mobile 6.0
windows embedded CE,Net
windows mobile 2003
Thank you for your help
Michael[url=http://fztodds.24fast.info/washington225.html] washington [/url]
[url=http://fztodds.24fast.info/washington16e.html] washington [/url]
[url=http://fztodds.24fast.info/washingtond66.html] washington [/url]
[url=http://fztodds.24fast.info/washington4e0.html] washington [/url]
[url=http://fztodds.24fast.info/washington00b.html] washington [/url]
[url=http://fztodds.24fast.info/washington1e7.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington0a8.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington9de.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washingtone4a.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington4ec.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington184.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washingtonb73.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington853.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington1a5.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtonde7.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington2b8.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington902.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtonc99.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtoncc7.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington598.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtonbe2.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtone9b.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington4e0.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington327.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtonada.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtond2b.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington317.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington7cb.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washingtoneaf.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington259.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington8e0.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washingtonc03.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington092.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington79c.html] washington [/url]
[url=http://aeaukol.rack111.com/washington766.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtona2e.html] washington [/url]
[url=http://aeaukol.rack111.com/washington4c4.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtonb9f.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtond3a.html] washington [/url]
[url=http://aeaukol.rack111.com/washington54a.html] washington [/url]
[url=http://aeaukol.rack111.com/washington777.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington300.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington239.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington7b4.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washingtonad5.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washingtone03.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington399.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington9e9.html] washington [/url]
[url=http://ggaubio.hostevo.com/washington878.html] washington [/url]
[url=http://ggaubio.hostevo.com/washington525.html] washington [/url]
Maybe you are looking for
-
F110 : why 4 copies of Check Form ?
Hi SAP Experts, When i have carried out an Automatic payment (Tcode F110) the system print me 4 copies of my Chech Form, Knowing that i want only one copy !!?? Please how to tell to the system that i want one copy of this check form ? Thanks in Advan
-
What video files are supposed to work on an ipod classic?
I just downloaded a youtube video which I wanted to play on my ipod classic. The downloader gave me a number of file conversion options for it, and claimed that mp4 was the format for an ipod. (This is the first time I've tried to put a video on it,
-
I am new to Photoshop CS5. I am trying to merge 3 8-bit grayscale images of exactly the same size. I'm trying to follow the instructions below, but the "Merge Channels" option remains grayed out. I have no idea what to try next, i have struggled w
-
Air gesture is not working...
I just purchased a Galaxy Note 3 and I was excited about the opportunity to use the gestures I'd heard so much about, however that doesn't seem to work on my phone. Under Settings I have all Motion Control commands set to ON but the Air Gesture icon
-
Duplicate error for Abstract WSDL and Concrete WSDL
Hi, I am trying to consume a webservice from ABCS Provider. Here is what I have done: 1. Loaded target webservice wsdl into MDS by removing it's wsdl:service element. 2. Created a composite with a partnerlink referring to MDS wsdl. 3. Added binding.w