From: Tim Curci (timcurci@roadrunner.com)
Date: Fri Sep 19 2008 - 13:27:34 ART
I receive the following pop-up when I attempt to establish an AnyConnect SSL
session to an ASA.
Cisco AnyConnect VPN Client
An error was received from the secure gateway in response to the VPN
negotiation request. Please contact your network administrator.
The following message was received from the remote VPN device. No assigned
address.
I do have an address pool assigned to the group in the ASA config.
Debug Output from the ASA is below
Not calling vpn_remove_uauth: not IPv4!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
webvpn_rx_data_tunnel_connect
CSTP state = HEADER_PROCESSING
http_parse_cstp_method()
...input: 'CONNECT /CSCOSSLC/tunnel HTTP/1.1'
webvpn_cstp_parse_request_field()
...input: 'Host: brittonout.obg.com'
Processing CSTP header line: 'Host: xxxxxxx.xxxxxx.com"
webvpn_cstp_parse_request_field()
...input: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0136'
Processing CSTP header line: 'User-Agent: Cisco AnyConnect VPN Agent for
Windows 2.2.0136'
Setting user-agent to: 'Cisco AnyConnect VPN Agent for Windows 2.2.0136'
webvpn_cstp_parse_request_field()
...input: 'Cookie:
webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
Processing CSTP header line: 'Cookie:
webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
Found WebVPN cookie:
'webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
WebVPN Cookie:
'webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
IPADDR: '565571907', INDEX: '229376', LOGIN: '1221840846'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Version: 1'
Processing CSTP header line: 'X-CSTP-Version: 1'
Setting version to '1'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Hostname: BUBBA'
Processing CSTP header line: 'X-CSTP-Hostname: BUBBA'
Setting hostname to: 'BUBBA'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
Processing CSTP header line: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-MTU: 1206'
Processing CSTP header line: 'X-CSTP-MTU: 1206'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Address-Type: IPv4'
Processing CSTP header line: 'X-CSTP-Address-Type: IPv4'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Master-Secret:
ECD62B2221BB8DC2303D6D655ABEF5BD35A38591DB243A9EE977CF8D063004A5E466C596AD753
4923B0B49653BD881AF'
Processing CSTP header line: 'X-DTLS-Master-Secret:
ECD62B2221BB8DC2303D6D655ABEF5BD35A38591DB243A9EE977CF8D063004A5E466C596AD753
4923B0B49653BD881AF'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-CipherSuite:
AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Processing CSTP header line: 'X-DTLS-CipherSuite:
AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Validating address: 0.0.0.0
CSTP state = WAIT_FOR_ADDRESS
webvpn_cstp_accept_address: 0.0.0.0/0.0.0.0
webvpn_cstp_accept_address: no address?!?
CSTP state = HAVE_ADDRESS
No assigned address
webvpn_cstp_send_error: 503 Service Unavailable
CSTP state = ERROR
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART