Works windows mobile with SSL VPN and anyconnect

Similar Messages

• Cisco 1841 SSL VPN and Anyconnect Help

  I am pretty new to Cisco programming and am trying to get an SSL VPN set up  for remote access using a web browser and using Anyconnect version 3.1.04509. If I try to  connect via a web browser I get an error telling me the security  certificate is not secure. If I try to connect via Anyconnect I get an  error saying "Untrusted VPN Server Blocked." If I change the Anyconnect  settings to allow connections to untrusted servers, I get two errors  that say"Certificate does not match the server name" and "Certificate is  malformed." Below is the running config in the router at this time.  There is another Site-to-Site VPN tunnel that is up and working properly  on this device. Any help would be greatly appreciated. Thanks
  Current configuration : 7741 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname buchanan1841
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  no logging buffered
  enable secret 5 XXXXXXX
  enable password XXXX
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa session-id common
  crypto pki trustpoint buchanan_Certificate
  enrollment selfsigned
  revocation-check crl
  rsakeypair buchanan_rsakey_pairname
  crypto pki certificate chain buchanan_Certificate
  certificate self-signed 01
    30820197 30820141 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    1D311B30 1906092A 864886F7 0D010902 160C6275 6368616E 616E3138 3431301E
    170D3133 30373038 32323330 33335A17 0D323030 31303130 30303030 305A301D
    311B3019 06092A86 4886F70D 01090216 0C627563 68616E61 6E313834 31305C30
    0D06092A 864886F7 0D010101 0500034B 00304802 4100C76B D94BABC2 6D7FB1F1
    AF9AA76F E631B841 7CFEA806 1F52420B 9C83D754 D58393B1 EC02FCA8 BFBE82D6
    79645A32 4ECEDB43 8AEB1590 9CCC309E 17E70061 86150203 010001A3 6C306A30
    0F060355 1D130101 FF040530 030101FF 30170603 551D1104 10300E82 0C627563
    68616E61 6E313834 31301F06 03551D23 04183016 8014AF2E 3FCF66AF C8A43F5F
    97DFABA9 C74371FD 127A301D 0603551D 0E041604 14AF2E3F CF66AFC8 A43F5F97
    DFABA9C7 4371FD12 7A300D06 092A8648 86F70D01 01040500 034100C1 47D2E8B0
    4AC15F69 E8CBE141 E8EE96C5 7BF1EE51 102278B8 ED525185 9F112FA6 0D51F7A6
    3382DB09 8692EEE7 200471B3 BF12FBD0 223EB549 4A352049 513F4B
          quit
  dot11 syslog
  ip source-route
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  username buchanan privilege 15 password 0 XXXXX
  username cybera password 0 cybera
  username skapple privilege 15 secret 5 XXXXXXXXXX
  username buckys secret 5 XXXXXXXXXXX
  crypto isakmp policy 1
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 28800
  crypto isakmp key p2uprEswaspus address XXXXXX
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set cybera esp-3des esp-md5-hmac
  crypto ipsec profile cybera
  set transform-set cybera
  archive
  log config
    hidekeys
  ip ssh version 1
  interface Tunnel0
  description Cybera WAN - IPSEC Tunnel
  ip address x.x.x.x 255.255.255.252
  ip virtual-reassembly
  tunnel source x.x.x.x
  tunnel destination x.x.x.x
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile cybera
  interface FastEthernet0/0
  description LAN Connection
  ip address 192.168.1.254 255.255.255.0
  ip helper-address 192.168.1.2
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  no mop enabled
  interface FastEthernet0/1
  description WAN Connection
  ip address x.x.x.x 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface ATM0/0/0
  no ip address
  shutdown
  atm restart timer 300
  no atm ilmi-keepalive
  interface Virtual-Template2
  ip unnumbered FastEthernet0/0
  ip local pool SDM_POOL_1 192.168.2.1 192.168.2.254
  ip local pool LAN_POOL 192.168.1.50 192.168.1.99
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 x.x.x.x
  ip route 4.71.21.0 255.255.255.224 x.x.x.x
  ip route 10.4.0.0 255.255.0.0 x.x.x.x
  ip route 10.5.0.0 255.255.0.0 x.x.x.x
  ip route x.x.x.x 255.255.240.0 x.x.x.x
  ip route x.x.x.x 255.255.255.255 x.x.x.x
  ip route x.x.x.x 255.255.255.255 x.x.x.x
  ip http server
  no ip http secure-server
  ip nat inside source list 1 interface FastEthernet0/1 overload
  ip nat inside source static tcp 192.168.1.201 22 x.x.x.x 22 extendable
  ip nat inside source static tcp 192.168.1.202 23 x.x.x.x 23 extendable
  access-list 1 permit 192.168.1.0 0.0.0.255
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  password xxxxx
  transport input telnet ssh
  scheduler allocate 20000 1000
  webvpn gateway gateway_1
  ip address x.x.x.x port 443
  http-redirect port 80
  ssl trustpoint buchanan_Certificate
  inservice
  webvpn install svc flash:/webvpn/anyconnect-w
  in-3.1.04059-k9.pkg sequence 1
  webvpn context employees
  secondary-color white
  title-color #CCCC66
  text-color black
  ssl authenticate verify all
  policy group policy_1
     functions svc-enabled
     svc address-pool "LAN_POOL"
     svc default-domain "buchanan.local"
     svc keep-client-installed
     svc dns-server primary 192.168.1.2
     svc wins-server primary 192.168.1.2
  virtual-template 2
  default-group-policy policy_1
  aaa authentication list ciscocp_vpn_xauth_ml_2
  gateway gateway_1
  max-users 10
  inservice
  endbuchanan1841#

  Perhaps you have changed the host-/domainname after the certificate was created?
  I'd generate a new one ...
  Michael
  Please rate all helpful posts

• If i bought iphone 5s from apple retail store on t mobile with free contract and with full price it will work with egypt's local carrier ????

  If i bought iphone 5s from apple retail store on t mobile with free contract and with full price it will work with egypt's local carrier ????

  Yes

• Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

  when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
  OS:10.7.2
  Macbook Pro 2010-mid 13inch

  I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
  Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
  I'm also using a Macbook Pro 13-inch mid 2010.

• I am from argentina and i want to buy an iPhone 5s, but in my country i can only use it if the phone is unlocked , i want to know if i buy one of t mobile with no contract and i travel to mi country ( internationaly) i can use it with a sim from argentina

  i am from argentina and i want to buy an iPhone 5s, but in my country i can only use it if the phone is unlocked , i want to know if i buy one of t mobile with no contract and i travel to mi country ( internationaly) i can use it with a sim from argentina

  You should go onto the Tmobile web site and look around. Very soon a pop up window will ask you if you want to chat. You can try asking for someone who knows Spanish (if you prefer), they might have someone available who can chat with you in Spanish.
  I give this suggestion because I remember on the Tmobile website, you can order on line, but they let you choose to pay only a little money up front, then pay off the rest over 24 months, or you can choose to pay for it in full. However, their ordering process does not say whether the paid for in full phone is going to be unlocked or not.
  It may not be, You may have to make a request and say that since you have paid in full please unlock. I am not so sure that a paid for in full phone is automatically sold in unlocked state.
  This is why I suggest you talk to Tmobile to get a definite answer.
  Unless someone else on this forum knows for sure? Hope someone else jumps in to answer. But the best way is to ask for yourself directly from Tmobile.

• How to enable SCCM 2012 clients to get Windows Updates through SSL VPN

  I would like my SCCM 2012 client laptops to get Windows Updates through SSL VPN.
  I suppose I need to add VPN Subnet in my boundary and boundary group.
  What other setting I need to enable?
  At this moment, on the 'Software Update Point Component Properties' "Allow intranet-only client connections" radio button is active. Do I neeed to select "Allow both intranet and internet client connections" and Enable SSL communications
  for the WSUS server?
  or are there something else I need to check?

  No, a VPN client is no different than a client connected internally as far as the network is concerned and as far as ConfigMgr is concerned there is no way to explicitly know any different. Internet clients literally are those that connect via the Internet
  using IBCM.
  Jason | http://blog.configmgrftw.com

• HT5622 Have Family Mobile with 2 phones and only one Apple ID can all be controlled by the main phone?

  Have Family Mobile with 2 phones and only one Apple ID can all be controlled by the main phone?

  angiefromaustin wrote:
  Yes I know the password for Apple ID.
  Then there should be no issue for you.
  angiefromaustin wrote:
  I do not know the password to get onto the 3G phone to make changes or update apps etc.
  Then there is more than one Apple ID involved.... Or a Restrictions Passcode has been set.
  angiefromaustin wrote:
  2 phones and only one Apple ID
  Then what do you mean by this ?

• TS4463 I am using Windows Vista with Outlook 2007 and iCloud.  Everything has been great until this morning.  I'm suddenly getting the message "Set of folders cannot be opened.  The information store could not be opened.

  I am using Windows Vista with Outlook 2007 and iCloud.  Everything has been great until this morning.  I'm suddenly getting the message "Set of folders cannot be opened.  The information store could not be opened.  I tried running the repair utlity to repair the iCloud however I am still getting this error message.

  I tried rebooting.  It didn't change anything.

• I am working in pages with a template and want to keep the image but get rid of the black background?

  I am working in pages with a template and want to keep the image but get rid of the black background?

  Surprise surprise but we can't see what you are looking at and referring to.
  What black background?
  If it is black background in the actual photo:
  Menu > Format > Instant Alpha > drag the cursor over the colored background you wish to remove
  Peter

• Using windows vista with two users and I can only open books with adobe digital editions on one account?

  using windows vista with two users and I can only open books with adobe digital edition

  You must authorize the second computer with the same Adobe ID.
  There are sometimes issues with this registration: if you have them ....
  Sometimes ADE gets its registration/activation confused and in a semi-authorized state.
  Uninstalling and reinstalling does not help.
  Unfortunately, it often then gives misleading error messages about what is wrong.
  A common incorrect message informs you that the ID is already in use on another computer and cannot be reused.
  This can often be resolved by completely removing any authorization using ctrl-shift-D to the Library screen on ADE (cmd-shift-D if on Mac).
  Restart ADE, and then reauthorize with your (old) Adobe ID.

• Anyconnect ssl vpn and acl

   Hi Everyone,
  I was testing few things at my home lab.
  PC---running ssl vpn------------sw------router------------ISP--------------ASA(ssl anyconnect)
  anyconnect ssl is working fine and i am also able to access internet.
  I am using full tunnel
  i have acl on outside interface of ASA
  1
  True
  any
  any
  ip
  Deny
  0
  Default
  i know that ACL is used for traffic passing via ASA.
  I need to understand the traffic flow for access to internet via ssl vpn.?
  Regards
  MAhesh

  As you say correctly, the interface-ACL is not important for that as the VPN-traffic is not inspected by that ACL. At least not by default.
  You can control the traffic with a different ACL that gets applied to the group-policy with the "vpn-filter" command. And of course you need a NAT-rule that translates your traffic when flowing to the internet. That rule has to work on the interface-pair (outside,outside).

• SSO problem on Windows Mobile with WAS Java 7.0 and R/3 4.7

  We have a curious single sign-on problem with custom WM-app.
  The application is developed using WD Java and currently runs on WAS 7.0 SPS10. WAS makes calls to several RFC:s on 4.7 Enterprise and authentication is done using SSO.
  The enduser device is a handheld running Windows Mobile and the browser is a vendor (HHP) provided Mobile IE based HandHeldWeb. Because of the poor usability of the default login on handhelds we created a custom J2EE Web Application JSP which does the login to the WM-app.
  On a PC browser everything functions normally, but occasionally with the mobile device no data from R/3 is displayed. As if SSO didn't work. Sometimes, if transaction 1 doesn't work and the user comes out of it, then runs transaction 2 which makes an RFC call and then returns to transaction 1 it works. Sometimes..
  This problem does not occur on mobile device when the default login is used. And as stated previously, on a PC the custom login works fine.
  -Erno

  Hi,
  Currently SAP is selling the Software in Business Suite .
  If you are purchasing the SRM 7.0 .It will come as Business suite . It will contain
  1. SRM 7.0
  2.CRM
  3.PLM
  4.SCM
  5. ECC 6.0 wiht Eph 4
  When you are getting the ECC 6.0 in this package why to use  SAP R/3- 4.6C
  So better you upgrade both the SRM and R/3.
  I would like to know if SRM 7.0 and R/3 4.6C is compatible in first place.Will it work?
  It will work but in the long run you will get lot  of Problem.Since SRM 7.0 is Based on Webdynpro technology
  Regards
  G.Ganesh Kumar

• HP iPAQ 5450 with Windows Mobile 2003 802.1x and certificates.......

  This maybe a bit off topic but I am struggling trying to get some answers out of HP.
  We have some HP iPAQ 5450/5550's all running Windows Mobile 2003 - to use 802.1x Authentication with PEAP or TLS-EAP we need certificates installing on the PocketPCs. We have a Windows 2000 Active-Directory integrated Certificate Authority that publishes certificates to W2K machines OK - initially HP didn't include any way of importing Certificates but have released the SDK Certificate Enrolment Tool (enroll.exe). We have tried for several days to get a certificate but to no avail and we are struggling to find any information out. Has anyone on here managed this? If so how?
  Thanks
  Andy

  Obviously the WindowsCE devices can't be 'members' of the domain as they would need W2K to do that (create a computer account etc). The enrollment tool is available from HP's website (software & drivers etc). Once I installed the enroll.exe tool I modified the enroll.cfg file to request a 'computer' certificate from my CA, this is now installed and appears in 'Settings, System, Certificates'. I have yet to actually test this with a Cisco AP as I just can't get my hands on one.......
  Andy

• Clientless SSL VPN and ActiveX question

  Hey All,
  First post for me here, so be gentle.  I'll try to be as detailed as possible.
  With the vast majority of my customers, I am able to configure an IPSEC L2L VPN, and narrow the traffic down to a very minimal set of ports.  However, I have a customer that does not want to allow a L2L VPN tunnel between their remote site, and their NOC center.  I thought this might be a good opportunity to get a clientless (they don't want to have to launch and log into a separate client) SSL VPN session setup.  Ultimately, this will be 8 individual sites, so setting up SSL VPN's at each site would be cost prohibitive from a licensing perspective.  My focus has been on using my 5510 (v8.2(5)) at my corp site as the centralized portal entrance, and creating bookmarks to each of the other respective sites, since I already have existing IPSEC VPN's via ASA5505, (same rev as the 5510 )setup with each of the sites.
  First issue I've run into is that I can only access bookmarks that point to the external address for the remote web-server (the site has a static entry mapping an external address to the internal address of the web server).  I am unable to browse (via bookmark) to the internal address of the remote web server.  Through my browser at the office, I can access the internal address fine, just not through the SSL VPN portal.  I am testing this external connectivity using a cell card to be able to simulate outside access.  Is accessing the external IP address by design, or do I have something hosed?
  Second issue I face is when I access the external address through the bookmark, I am ultimately able to log onto my remote website, and do normal browsing and javascript-type functions.  I am not able to use controls that require my company's ActiveX controls (video, primarily).  I did enable ActiveX relay, and that did allow the browser to start prompting me to install the controls as expected, but that still didn't allow the video stream through.  The stream only runs at about 5 fps, so it's not an intense stream.
  I have researched hairpinning for this situation, and "believe" that I have the NAT properly defined - even going as far as doing an ANY ANY, just for testing purposes to no avail.  I do see a decent number of "no translates" from a show nat:
    match ip inside any outside any
      NAT exempt
      translate_hits = 8915, untranslate_hits = 6574
  access-list nonat extended permit ip any any log notifications
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.2.0 255.255.255.0
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.16.32 255.255.255.224
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.17.0 255.255.255.0
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.250.0 255.255.255.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.250.0 255.255.255.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.254.0 255.255.255.0
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.254.0 255.255.255.0
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 host A-172.16.9.34
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.16.32 255.255.255.224
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 192.168.17.0 255.255.255.0
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 172.16.250.0 255.255.255.0
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 172.16.254.0 255.255.255.0
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 host A-172.16.9.34
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 192.168.18.0 255.255.255.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 192.168.18.0 255.255.255.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 host 172.16.62.57
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 host 172.16.62.57
  access-list nonat extended permit ip 192.168.18.0 255.255.255.0 host 172.16.62.57
  access-list nonat extended permit ip 192.168.17.0 255.255.255.0 172.16.8.0 255.255.254.0
  access-list nonat extended permit ip 192.168.16.32 255.255.255.224 172.16.8.0 255.255.254.0
  access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.2.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.17.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 192.168.18.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.16.32 255.255.255.224 172.16.250.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.16.32 255.255.255.224
  access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 192.168.18.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.16.32 255.255.255.224
  access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 192.168.17.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.18.0 255.255.255.0 172.16.250.0 255.255.255.0
  access-list D_Traffic extended permit ip 192.168.17.0 255.255.255.0 172.16.250.0 255.255.255.0
  access-list outside_1_cryptomap extended permit ip 192.168.16.32 255.255.255.224 host A-172.16.9.34
  access-list outside_1_cryptomap extended permit ip 192.168.17.0 255.255.255.0 host A-172.16.9.34
  access-list outside_1_cryptomap extended permit ip 192.168.18.0 255.255.255.0 host A-172.16.9.34
  access-list outside_1_cryptomap extended permit ip 192.168.16.32 255.255.255.224 host 172.16.62.57
  access-list outside_1_cryptomap extended permit ip 192.168.17.0 255.255.255.0 host 172.16.62.57
  access-list outside_1_cryptomap extended permit ip 192.168.18.0 255.255.255.0 host 172.16.62.57
  access-list External_VPN extended permit ip 192.168.16.32 255.255.255.224 172.16.254.0 255.255.255.0
  access-list External_VPN extended permit ip 192.168.17.0 255.255.255.0 172.16.254.0 255.255.255.0
  access-list outside_in extended permit icmp any any log notifications
  access-list outside_in extended permit tcp any any log notifications
  pager lines 24
  logging enable
  logging asdm informational
  logging ftp-server 192.168.16.34 / syslog *****
  mtu inside 1500
  mtu outside 1500
  ip local pool Remote 172.16.254.1-172.16.254.25 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp timeout 14400
  global (inside) 1 interface
  global (outside) 1 interface
  nat (inside) 0 access-list nonat
  nat (inside) 1 192.168.16.32 255.255.255.224
  nat (inside) 1 192.168.17.0 255.255.255.0
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group outside_in in interface outside
  192.168.2.0 is my corp network range
  192.168.2.171 is my internal IP for corp ASA5510
  97.x.x.x is the external interface for my corp ASA5510
  192.168.16.34 is the internal interface for the remote ASA5505
  64.x.x.x is the external interface for the remote ASA5505
  192.168.17.0, and 192.168.18.0 are two other private LANS behind the remote 5505
  As you can see, I have things reasonably wide open - with no port restrictions on this one yet - this is for troubleshooting purposes, and it will get restrictive as soon as I figure this out   Right now, the ASA5510 is pretty restrictive, and to be brutally honest, I'm not certain I'm even using the packet tracer 100% proper to be able to simulate coming from the outside of the network through my ASA5510, out to a remote ASA5505, and to a web server behind that 5505.  I'm sure that the issue is probably going to be a mix of ACL's between the 5510, and the 5505.
  I guess the main question, is Clientless SSL VPN really a good choice for this, or are there other real alternatives - especially since my client doesn't want to have to install, or use an actual client (like AnyConnect), nor do they want to have an always-on IPSEC VPN.  Am I going about this the right way?  Anyone have any suggestions, or do I have my config royally hosed?
  Thanks much for any and all ideas!

  Hey All,  I appreciate all of the views on this post.  I would appreciate any input - even if you think it might be far-fetched.  I'm grasping at straws, and am super-hesitant to tell my customer this is even remotely possible if I can't have a POC myself.  Thanks, in advance!!

• SSL VPN and dedicated IP address

  Hello
  I have an ASA 5505 8.3 and i setup it with ADSL 6.3
  I am trying to dedicate IP addresses to clientless SSL VPN user: is it possible ?
  If not is it possible with Anyconnect client ?
  If yes i can't perform it !
  I have a user test and i want dedicated him an IP address . After authentification user can connect to a web application but when i see the netstat, it is the IP adress of the ASA which is connected ...
  Could you help me ?
  Regards
  L.Malandain

  Two ways -
  Frist create pool with one IP address and assign that to group policy.
  Second- modify the user atributes-
  username test password xxxxx
  username test attributes
  vpn-framed-ip-address
  Thanks
  Ajay