ASA Cisco Anyconnect Web portal Redirect

How can I have my portal ASA Anyconnect redirect to https? The problem is that, unless the user types https:// , they cannot solve the page. I need the ability to something like vpn.domain.com redirect to https://vnp.domain.com in the users browser.

http redirect outside 80

Michael

Please note all useful posts

Tags: Cisco Security

Similar Questions

  • Select the timeout on ASA Cisco Anyconnect VPN

    Hello world

    I use the Cisco Anyconnect VPN client with the ASA 5540 firewall. I need allow a time-out on the VPN clients, so they log off after x hours of inactivity.

    Thank you to

    Best respect

    Hello

    To my understanding of the default timeout value is 30 minutes

    You should be able to change this setting in the "username" configurations (if you use LOCAL AAA on the SAA) or under the configurations of the 'group policy' .

    The command is

    VPN-idle-timeout

    Here is the link of the commands reference

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/ASA-command-reference/...

    -Jouni

  • 9.1 ASA + ACS 5.4 SSL Web portal bookmarks according to the ad group.

    Hello.

    Having some problems with ssl vpn on ASA 5515-X.

    I have ASA (9.1) connected to the web portal without client ssl ACS (5.4) and set up mobile client anyconnect. ACS also have connection to Active Directory.

    So he has set up this group AD users, for example, the VPN_clients connect via the anyconnect client or no client via SSL web page. And it works very well.

    My goal is to make different bookmarks portals SSL (in terms of strategies of different group ASA) according to the users AD Group.

    For example: I have 3 groups in AD: VPN_admin, VPN_Finance, VPN_Logistic. I want that the users in the group after authentication to SSL web portal would see only their own bookmarks available only for their group.

    As I inderstand once ACS authentication process must respond to ASA which the user consist of ad groups and ASA should choose the group policy right for the user, but I have no experience how to do that?

    Hello Ivan,.

    You're right, ACS can leave the ASA what group policy is to assign based on the RADIUS of the 25 attribute.

    Measures on the ACS:

    1 - definition of ad groups:

    2 set the authorization profile tab elements of the policy:

    3. create the policy and authorization access criteria:

    Then, on the ASA:

    1 create a group policy and name it.

    2. through the ASDM, create and assign bookmarks to this group policy.

    3 - once a user authenticates, the ACS sends 25 attribute, which contains the string 'OU = it'.

    4 - ASA seeks group it strategy and assigns it to the user's session.

    Let me know if you have any questions.

    HTH.

    Please note all useful messages.

  • Web portal VPN asa - where is setup?

    Hello

    ASA 8.2.2, I set up web portal with bookmarks using ASDM. I wanted to check what looks like the CLI - and found nothing in the configuration. In the documentation I have CVCTVLY found:

    "Since the WebVPN customizations are not saved in the running configuration, a typical write erase, reload sequence does not erase the customizations or webcontents of the SAA. You must explicitly call back webvpn commands or manually remove the customizations of the ASDM. »

    Where is this configuration and how can I move it on other ASA using CLI?

    Thanx

    Hi, Webvpn bookmarks are stored in flash as models.

    You can see some information here:

    http://www.Cisco.com/en/us/docs/security/ASA/asa82/configuration/guide/WebVPN.html#wp1166489

    You can export these files using CLI by typing the command "export webvpn XX".

    If you enable the option to show the order before sending in ASDM, you will see just generate a file and then import it to the ASA.

    I guess you can use the 'more' command to show files that must be stored in flash.

  • Cisco ASA and AnyConnect VPN certificate error

    Hello

    I am trying to configure Cisco AnyConnect VPN and everything works, but I get this warning message when the connection is opened:

    I don't have public certificate in ASA. Is it possible to use the self-signed certificate and get rid of this warning message?

    Hello

    This is expected behavior on the SAA for an SSL connection. You can certainly use the certificate self-signed on the SAA and then apply it on the external interface.
    Once done, you will need to install this certificate on the clients and this will alleviate the popup error message.

    Here is a document that you can refer to create a self-signed certificate.
    https://supportforums.Cisco.com/document/44116/ASA-self-signed-certificate-WebVPN

    Kind regards
    Dinesh Moudgil

    PS Please note the useful messages.

  • Cisco AnyConnect do IPsec?

    Hi guys

    I have a Cisco ASA5520 with software Version 8.2 (5) in place, most my users are Mac users and I am currently looking into Cisco AnyConnect in comparison using the VPN client.

    I have a few questions

    (1) Cisco AnyConnect does he use IPSec or is it soley based SSL VPN?

    (2) the license information I have in my ASA below, I understand that I can get max 750 vpn peers am however I have reason to say that this does not apply to Cisco AnyConnect peers? and with Cisco AnyConnect, I can only have 2 peers? Also, what are the options for mobility anyconnect for?

    The devices allowed for this platform:

    The maximum physical Interfaces: unlimited

    VLAN maximum: 150

    Internal hosts: unlimited

    Failover: Active/active

    VPN - A: enabled

    VPN-3DES-AES: enabled

    Security contexts: 2

    GTP/GPRS: disabled

    SSL VPN peers: 2

    Total of the VPN peers: 750

    Sharing license: disabled

    AnyConnect for Mobile: disabled

    AnyConnect Cisco VPN phone: disabled

    AnyConnect Essentials: disabled

    Assessment of Advanced endpoint: disabled

    Proxy sessions for the UC phone: 2

    Total number of Sessions of Proxy UC: 2

    Botnet traffic filter: disabled

    (3) when you try to configure Cisco Anyconnect on the SAA by using ASDM, I noticed that I needed to download AnyConnect client images, but when I did this by downloading the .dmg for mac machines file I got the error message 'not an image valid of the SVC'. Is it because I'm under 8.2?

    Your help is highly appreciated

    Concerning

    Mohamed

    Hi Mohammad,.

    I'll answer your questions one by one:

    1 cisco Anyconnect version 3.0 and above all support SSL and IPSECv2 connection. If you want the user to connect using the Anyconnect client IPSECv2 then it will consume the SSL license and not the IPsec license however if you use IPSECv2 for connections such as vpn site to site then it will consume normal IPSec VPN license.

    2. one.  SSL VPN peers: this license gives you information about the number of users that can connect using SSL protocol for example using the Anyconnect and web portal customer also known as the clientless VPN based on. I see here there are only 2 licenses so at any given time only 2 users can connect successfully because 750 is the total number of licenses available for the VPN on the SAA, 698 only will be available for IPSec connections.

    b. Anyconnect for mobile: this license is required whenever a user connects from a Pocket like device: Iphone, Ipad, tablets etc.

    c. Anyconnect of Cisco VPN phone: Cisco IP phones have the ability to connect to an ASA remote using the SSL protocol and to enable this feature, you should have this license is activated on the SAA.

    d. Anyconnect essentials: Anyconnect there are two licenses, one > Anyconnect Premium and b > Anyconnect Essentials. AnyConnect essentials is less expensive as premium per report Anyconnect license. This license is for those who don't use webvpn or VPN without client. When the license is activated, the user can connect only to the Anyconnect VPN client.

    3. I don't know what image you use on the ASA. Please try the image named as anyconnect-macosx-i386 - 2.5.2010 - k9.pkg.

    To apply the changes using the command line, put this image on disk0: and then type this command on the CLI.

    Image disk0:/anyconnect-macosx-i386-2.5.2010-k9.pkg SVC

    Let me know if it helps.

    Thank you

    Vishnu Sharma

  • ASA 5515 - Anyconnect - inside the subnet connection problem

    Hi all

    I have a problem with the connection to the Interior/subnet using Anyconnect SSL VPN.

    ASA worm. 5515

    Please find below of configuration:

    User access audit

    ASA1 # show running-config
    : Saved
    :
    ASA 9.1 Version 2
    !
    hostname ASA1
    activate 8Ry2YjIyt7RRXU24 encrypted password
    volatile xlate deny tcp any4 any4
    volatile xlate deny tcp any4 any6
    volatile xlate deny tcp any6 any4
    volatile xlate deny tcp any6 any6
    volatile xlate deny udp any4 any4 eq field
    volatile xlate deny udp any4 any6 eq field
    volatile xlate deny udp any6 any4 eq field
    volatile xlate deny udp any6 any6 eq field
    2KFQnbNIdI.2KYOU encrypted passwd
    names of
    mask of local pool swimming POOLS-for-AnyConnect 10.0.70.1 - 10.0.70.50 IP 255.255.255.0
    !
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    address IP A.A.A.A 255.255.255.240
    !
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    192.168.64.1 IP address 255.255.255.0
    !
    interface GigabitEthernet0/2
    nameif dmz
    security-level 20
    address IP B.B.B.B 255.255.255.0
    !
    interface GigabitEthernet0/3
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/4
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/5
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Management0/0
    management only
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    passive FTP mode
    network of the OBJ_GENERIC_ALL object
    subnet 0.0.0.0 0.0.0.0
    network outside_to_inside_FR-Appsrv01 object
    Home 192.168.64.232
    network outside_to_dmz_fr-websvr-uat object
    Home 10.20.20.14
    network inside_to_dmz object
    192.168.64.0 subnet 255.255.255.0
    gtc-tomcat network object
    Home 192.168.64.228
    network of the USA-Appsrv01-UAT object
    Home 192.168.64.223
    network of the USA-Websvr-UAT object
    Home 10.20.20.13
    network vpn_to_inside object
    10.0.70.0 subnet 255.255.255.0
    extended access list acl_out permit everything all unreachable icmp
    acl_out list extended access permit icmp any any echo response
    acl_out list extended access permit icmp any one time exceed
    acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 3389
    acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 28080
    acl_out list extended access permit tcp any object outside_to_inside_FR-Appsrv01 eq 9876
    acl_out list extended access permit udp any object outside_to_inside_FR-Appsrv01 eq 1720
    acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq www
    acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq https
    acl_out list extended access permit tcp any object outside_to_dmz_fr-websvr-uat eq 3389
    acl_out list extended access permit tcp any object USA-Appsrv01-UAT eq 9876
    acl_out list extended access permit udp any eq USA-Appsrv01-UAT object 1720
    acl_out list extended access permit tcp any object USA-Websvr-UAT eq www
    acl_out list extended access permit tcp any USA-Websvr-UAT eq https object
    acl_out list extended access permit tcp any object USA-Websvr-UAT eq 3389
    acl_out list extended access permit tcp any object USA-Appsrv01-UAT eq 3389
    acl_dmz list extended access permit icmp any any echo response
    acl_dmz of access allowed any ip an extended list
    acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 8080
    acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 8081
    acl_dmz list extended access permitted tcp object object to outside_to_dmz_fr-websvr-uat gtc-tomcat eq 3389
    acl_dmz list extended access permitted tcp object USA-Websvr-UAT object USA-Appsrv01-UAT eq 8080
    acl_dmz list extended access permitted tcp object USA-Websvr-UAT object USA-Appsrv01-UAT eq 8081
    access extensive list ip 192.168.64.0 gtcvpn2 allow 255.255.255.0 10.0.70.0 255.255.255.0
    pager lines 24
    Outside 1500 MTU
    Within 1500 MTU
    MTU 1500 dmz
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    don't allow no asdm history
    ARP timeout 14400
    no permit-nonconnected arp
    NAT dynamic interface of OBJ_GENERIC_ALL source (indoor, outdoor)
    NAT (inside, outside) static source all all static destination vpn_to_inside vpn_to_inside
    !
    network outside_to_inside_FR-Appsrv01 object
    NAT static x.x.x.x (indoor, outdoor)
    network outside_to_dmz_fr-websvr-uat object
    NAT (dmz, outside) static x.x.x.x
    network of the USA-Appsrv01-UAT object
    NAT static x.x.x.x (indoor, outdoor)
    network of the USA-Websvr-UAT object
    NAT (dmz, outside) static x.x.x.x
    Access-group acl_out in interface outside
    Access-group acl_dmz in dmz interface
    Route outside 0.0.0.0 0.0.0.0 B.B.B.B 1
    Timeout xlate 03:00
    Pat-xlate timeout 0:00:30
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    identity of the user by default-domain LOCAL
    Enable http server
    http 192.168.64.204 255.255.255.255 inside
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
    Crypto ipsec pmtu aging infinite - the security association
    Crypto ca trustpoint ASDM_TrustPoint0
    registration auto
    name of the object CN = ASA1
    GTCVPN2 key pair
    Configure CRL
    trustpool crypto ca policy
    string encryption ca ASDM_TrustPoint0 certificates
    certificate of 19897d 54
    308201cf 30820138 a0030201 02020419 897d 864886f7 0d 010105 5430 0d06092a
    0500302c 3111300f 06035504 03130851 57455354 32343031 17301506 092a 8648
    09021608 51574553 54323430 31343132 30333034 30333237 301e170d 86f70d01
    5a170d32 34313133 30303430 3332375a 302 c 3111 55040313 08515745 300f0603
    53543234 30311730 1506092a 864886f7 010902 16085157 45535432 34303081 0d
    9f300d06 092 has 8648 86f70d01 01010500 03818d 00 30818902 818100a 2 5e873d21
    dfa7cc00 ee438d1d bc400dc5 220f2dc4 aa896be4 39843044 d0521010 88 has 24454
    b4b1f345 84ec0ad3 cac13d47 a71f367a 2e71f5fc 0a9bd55f 05d 75648 72bfb9e9
    c5379753 26ec523d f2cbc438 d234616f a71e4f4f 42f39dde e4b99020 cfcd00ad
    73162ab8 1af6b6f5 fa1b47c6 d261db8b 4a75b249 60556102 03010001 fa3fbe7c
    300 d 0609 2a 864886 f70d0101 8181007a 05050003 be791b64 a9f0df8f 982d162d
    b7c884c1 eb183711 05d676d7 2585486e 5cdd23b9 af774a8f 9623e91a b3d85f10
    af85c009 9590c0b3 401cec03 4dccf99a f1ee8c01 1e6f0f3a 6516579c 12d9cbab
    59fcead4 63baf64b 7adece49 7799f94c 1865ce1d 2c0f3ced e65fefdc a784dc50
    350e8ba2 998f3820 e6370ae5 7e6c543b 6c1ced
    quit smoking
    Telnet 192.168.64.200 255.255.255.255 inside
    Telnet 192.168.64.169 255.255.255.255 inside
    Telnet 192.168.64.190 255.255.255.255 inside
    Telnet 192.168.64.199 255.255.255.255 inside
    Telnet timeout 5
    SSH timeout 5
    SSH group dh-Group1-sha1 key exchange
    Console timeout 0
    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    SSL-trust ASDM_TrustPoint0 inside point
    SSL-trust outside ASDM_TrustPoint0 point
    WebVPN
    allow outside
    AnyConnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    AnyConnect enable
    tunnel-group-list activate
    internal GroupPolicy_GTCVPN2 group strategy
    attributes of Group Policy GroupPolicy_GTCVPN2
    WINS server no
    value of 192.168.64.202 DNS server 192.168.64.201
    client ssl-VPN-tunnel-Protocol
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list gtcvpn2
    field default value mondomaine.fr
    username cHoYQ5ZzE4HJyyq password of duncan / encrypted
    username Aosl50Zig4zLZm4 admin password / encrypted
    password encrypted sebol U7rG3kt653p8ctAz user name
    type tunnel-group GTCVPN2 remote access
    attributes global-tunnel-group GTCVPN2
    Swimming POOLS-for-AnyConnect address pool
    Group Policy - by default-GroupPolicy_GTCVPN2
    tunnel-group GTCVPN2 webvpn-attributes
    enable GTCVPN2 group-alias
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    Review the ip options
    inspect the netbios
    inspect the rsh
    inspect the rtsp
    inspect the skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect the tftp
    inspect the sip
    inspect xdmcp
    !
    global service-policy global_policy
    context of prompt hostname
    no remote anonymous reporting call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group monthly periodic inventory 19
    Subscribe to alert-group configuration periodic monthly 19
    daily periodic subscribe to alert-group telemetry
    Cryptochecksum:0b972b3b751b59085bc2bbbb6b0c2281
    : end
    ASA1 #.

    I can connect to the ASA from outside with the Anyconnect client, split tunneling works well unfortunately I can't ping anything inside the network, VPN subnet: 255.255.255.0, inside the 192.168.64.x 255.255.255.0 subnet 10.0.70.x

    When connecting from the outside, cisco anyconnect is showing 192.168.64.0/24 in the tab "details of the trip.

    Do you know if I'm missing something? (internal subnet to subnet route vpn?)

    Thank you

    Use your internal subnet ASA as its default gateway? If this isn't the case, it will take a route pointing to the ASA inside the interface.

    You can perform a packet - trace as:

    Packet-trace entry inside tcp 192.168.64.2 80 10.0.70.1 1025

    (simulation of traffic back from a web server inside a VPN client)

  • Install Cisco Anyconnect failed

    I tried to installed Anyconnect to a computer for VPN access but failed with a rating below.  I read and impossible to get anything out of it.  Can anyone help?

    Hi Edward,.

    Ok thank you. But can you tell us how to install the anyconnect on the machine? Are download you it from the unit head of network VPN (ASA, router...) or you use the package to download from Cisco's Web site?

  • What VPN Client for ASA 5550 AnyConnect Premium connection?

    We have version9 a couple of ASA550 I want to put in place a VPN client for use with remote access to administration.  We have included AnyConnect VPN, Premium license peers 2 so I guess we can just use of Cisco AnyConnect VPN client.  I went to Cisco's Web site and it says that I don't have right to the last Anyconnect VPN Client 4.x but I don't have access to the version 3.x.

    The 3.x client is compatible with the ASA and also Windows 10?

    If Yes, what is the correct file to use, there are many files listed for download in AnyConnect 3.x?

    In addition, what is the difference between the AnyConnect 3.x and 4.x customer and why Cisco restricting 4.x?

    Jim

    AnyConnect 4.x has changed the licensing model. AnyConnect 4.x licenses are term based licensing vs perpetual 3.x. There are a number of other differences, mainly due to there being only two license types - more and Apex - no Mobile plus, Advanced Endpoint Assessment, shared VPN etc. Cisco offers a nominal or no license cost of migration until the end of 2015. (depending on what you have: positive Essentials or Apex at premium)

    AnyConnect 3.1 will work with Windows 10 and the latest version of the Software ASA (since Version 3.1.10010). Reference:

    http://www.Cisco.com/c/en/us/TD/docs/security/vpn_client/AnyConnect/ANYC...

    There are two ways it is distributed - as a stand-alone installation or package for the distribution of the ASA station. Both come in Windows, Mac OS X and Linux distributions. For a Windows client, you must use either:

    AnyConnect-Win-3.1.12020-pre-deploy-K9.ISO

    AnyConnect-victory - 3.1.12020 - k9.pkg

    .. .to the current version of these respective form factors.

  • Cisco Anyconnect Always on

    My question is how still works activated when connecting to wifi networks where you can drop in their net comments to authenticate on a Web page?

    Could deduct the initial communication and then kick VPN requirements?

    Hey, Derrick.

    This portal of comments is usually called "Captive portal", and Cisco AnyConnect has an option to detect captive portals. For more information, see:

    http://www.Cisco.com/c/en/us/support/docs/security/AnyConnect-secure-mobility-client/118086-TechNote-AnyConnect-00.html

  • CISCO Anyconnect and using TLS V1.2

    Hello

    I ran an anyconnect VPN Service that uses SSLv3, after POODLE, we moved on TLSv1, which worked well, but I have recently been informed that TLSv1 is also vulnerable to POODLE.

    I upgraded to the latest version of the software firewall (it is a 5512 ASA) and TLSv1.2 - which stopped the work VPN was allowed, once it has been activated customers started anyconnect have reported that they were behind a captive portal, despite the fact that he is certainly no captive portal. I get the same problem with TLSv1.1 - How can I get this to work - I'm really stuck and not an expert CISCO.

    Thank you very much

    Hi James,

    What is the version of ASA and anyconnect here? Only anyconnect 4.x support TLS 1.2 and ASA 9.3 (2).

    http://www.Cisco.com/c/en/us/TD/docs/security/vpn_client/AnyConnect/ANYC...

    Kind regards

    Kanwal

    Note: Please check if they are useful.

  • Cisco AnyConnect::How to hide "security warning: Untrusted certificates.

    Whenever I connect to my ASA using the client Anyconnect, attached warning message still appears and there is no option to trust him or import the certificate so that it should not appear the next time.

    Someone please help to make the visible option to trust certificate or to make the warning go away.

    I tried Anyconnect 3.1.05152 and later also.

    The best way is to buy a certificate for your ASA and install it there.

    If you cannot or do not want to do this, you create a self-signed certificate well trained on the SAA. You must make sure your have a 2048-bit RSA right key (or create a new one, when you start).

    If you use a fully qualified domain (FQDN) for the VPN user name to access the ASA which should be the common name (CN) in the certificate. Which addresses the point #1 in the warning.

    Your customers will need to download and install the certificate in their store of trusted CA root. You can do this by browsing the web portal and using your browser tools to copy the ASA SSL certificate to a local file and then import, the substitution of the default location and choosing the store of authority CA root of trust. This element addresses #2.

    Point #3 is also because of the way the self-signed certificate has been created. If you follow the configuration guide, you must have a correct certificate and not get this error.

  • Software update of Cisco anyconnect

    We organize two CISCO ASA 5510 on two sites that have bundles of Cisco Anyconnect 2.3 on them.  We want to install Cisco anyconnect 2.5 package, my question is if I update packets on Cisco ASA will be that force users to upgrade to 2.5 when they try to connect via the web browser?  What happens if they just use the anyconnect software to connect to the vpn, is quite smart to know there is a software update?

    Thank you!

    Yes, it will be automatically updated regadless of how you connect.

  • Cisco AnyConnect VPN Client maintains reconnection

    Hello

    We have recently installed an ASA5505 and activated the VPN access.

    Two of my colleagues have no problems connecting to the VPN using Cisco AnyConnect VPN Client, but I do.

    I am still disconnected after a few seconds with the message:

    "A VPN reconnect gave rise to different configuration settings. VPN network interface is to be reset. Applications using the private network may be required to restart. »

    Cisco AnyConnect VPN Client Version 2.5.2019

    I work with Windows 7 but the same thing happens when I try to connect using my computer that is running Windows Vista.

    My colleagues also using Win7

    I also tried to disable the Windows Firewall.

    Any help would be appreciated.

    Best regards

    Peter

    TAC has been able to solve the problem.   For webvpn mtu changed default from 1406 to 1200.

    Not sure why 2 other ASAs we work very well otherwise though!

    WebVPN
    SVC mtu 1200

  • Order SSL VPN with Cisco Cloud Web Security

    We have implemented Cisco Cloud Web Security with the connector of the ASA and transfer all traffic port 80 and 443 to the Tower of the CCW. We have enabled HTTPS inspection, and I was wondering if there was anything, we can add in the configuration that would allow us to control (allow/block) SSL VPN?

    #Clientless SSL VPN is not supported with Cloud Security Web; don't forget to exempt all SSL VPN traffic without client service ASA for Cloud Web Security Strategy.

    Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/gu...

Maybe you are looking for