From: armylegionmedic@aol.com
Date: Fri Sep 19 2008 - 13:38:19 ART
I had the same exact issue 2 days ago. Here is how I corrected it.
Configuring Address Pools for Nondirectly Connected Networks:?
?
If you need to configure an address pool for IP addresses from a network that is not directly connected, perform the following steps:?
?
1. Create a localloopback interface and configure it with an IP address and subnet mask?
from the address pool.?
?
2. Configure the address pool with the ip local pool command. The range of addresses?
must fall under the subnet mask configured in step 1.?
?
3. Configure the svc address-pool command with name configured in step 2.?
?
http://www.cisco.com/en/US/partner/products/ps6441/products_feature_guide09186a00805eeaea.html#wp1358074
-----Original Message-----
From: Tim Curci <timcurci@roadrunner.com>
To: ccielab@groupstudy.com
Sent: Fri, 19 Sep 2008 9:27 am
Subject: Cisco AnyConnect Problems with ASA...
I receive the following pop-up when I attempt to establish an AnyConnect SSL
session to an ASA.
Cisco AnyConnect VPN Client
An error was received from the secure gateway in response to the VPN
negotiation request. Please contact your network administrator.
The following message was received from the remote VPN device. No assigned
address.
I do have an address pool assigned to the group in the ASA config.
Debug Output from the ASA is below
Not calling vpn_remove_uauth: not IPv4!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
webvpn_rx_data_tunnel_connect
CSTP state = HEADER_PROCESSING
http_parse_cstp_method()
...input: 'CONNECT /CSCOSSLC/tunnel HTTP/1.1'
webvpn_cstp_parse_request_field()
...input: 'Host: brittonout.obg.com'
Processing CSTP header line: 'Host: xxxxxxx.xxxxxx.com"
webvpn_cstp_parse_request_field()
...input: 'User-Agent: Cisco AnyConnect VPN Agent for Windows 2.2.0136'
Processing CSTP header line: 'User-Agent: Cisco AnyConnect VPN Agent for
Windows 2.2.0136'
Setting user-agent to: 'Cisco AnyConnect VPN Agent for Windows 2.2.0136'
webvpn_cstp_parse_request_field()
...input: 'Cookie:
webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
Processing CSTP header line: 'Cookie:
webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
Found WebVPN cookie:
'webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
WebVPN Cookie:
'webvpn=565571907@229376@1221840846@24614B2F8D4285A4B45A3E915C3DF64AACDD80AB'
IPADDR: '565571907', INDEX: '229376', LOGIN: '1221840846'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Version: 1'
Processing CSTP header line: 'X-CSTP-Version: 1'
Setting version to '1'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Hostname: BUBBA'
Processing CSTP header line: 'X-CSTP-Hostname: BUBBA'
Setting hostname to: 'BUBBA'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
Processing CSTP header line: 'X-CSTP-Accept-Encoding: deflate;q=1.0'
webvpn_cstp_parse_req
uest_field()
...input: 'X-CSTP-MTU: 1206'
Processing CSTP header line: 'X-CSTP-MTU: 1206'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Address-Type: IPv4'
Processing CSTP header line: 'X-CSTP-Address-Type: IPv4'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Master-Secret:
ECD62B2221BB8DC2303D6D655ABEF5BD35A38591DB243A9EE977CF8D063004A5E466C596AD753
4923B0B49653BD881AF'
Processing CSTP header line: 'X-DTLS-Master-Secret:
ECD62B2221BB8DC2303D6D655ABEF5BD35A38591DB243A9EE977CF8D063004A5E466C596AD753
4923B0B49653BD881AF'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-CipherSuite:
AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Processing CSTP header line: 'X-DTLS-CipherSuite:
AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA'
Validating address: 0.0.0.0
CSTP state = WAIT_FOR_ADDRESS
webvpn_cstp_accept_address: 0.0.0.0/0.0.0.0
webvpn_cstp_accept_address: no address?!?
CSTP state = HAVE_ADDRESS
No assigned address
webvpn_cstp_send_error: 503 Service Unavailable
CSTP state = ERROR
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART