Cisco AnyConnect "unable establish VPN"

I have a Cisco AnyConnect VPN Client that autenticate the user but after a while it raise a "Unable to establish VPN". I'm able to connect to the same asa 5505 through webvpn anyconnect link.
ersistemiAsked:
Who is Participating?
 
ersistemiConnect With a Mentor Author Commented:
I've installed the last Anyconnect version.
0
 
billwhartonConnect With a Mentor Commented:
does it work with the regular ipsec vpn client for windows xp? try it out with that and let me know

also paste your asa configuration here
0
 
ersistemiAuthor Commented:
It works with cisco vpn client  ver 5, with regular ipsec. It works with anyconnect launched from portal web interface, but not with Anyconnect regular program.
This is the asa configuration:

:: Saved
: Written by enable_15 at 14:58:56.422 CEST Thu Jan 31 2008
!
ASA Version 8.0(2)
!
hostname ercisco
domain-name ersistemi.it
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.99.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 78.4.19.125 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.0.254 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name ersistemi.it
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool PoolReteZero 192.168.0.130-192.168.0.140 mask 255.255.255.0
ip local pool PoolRete99 192.168.99.210-192.168.99.220 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 192.168.99.0 255.255.255.0 outside
nat (dmz) 0 192.168.0.0 255.255.255.0 outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 78.4.19.121 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http 192.168.99.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service internal
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.99.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!

no threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.4.177-anyconnect.pkg 1
 svc enable
group-policy DfltGrpPolicy attributes
 banner value Benvenuti in ER Sistemi !
 wins-server value 192.168.99.246
 dns-server value 192.168.99.246
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 ipsec-udp enable
 default-domain value ersistemi.it
 nac-settings value DfltGrpPolicy-nac-framework-create
 address-pools value PoolRete99
 webvpn
  url-list value ER
  svc dpd-interval client 120
  svc dpd-interval gateway 120
  svc ask enable default webvpn timeout 20
  hidden-shares visible
group-policy grpRete0 internal
group-policy grpRete0 attributes
 wins-server value 192.168.0.220
 dns-server value 192.168.0.220
 address-pools value PoolReteZero
username pippo password Ft5ionP1YNFP7sh9 encrypted
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 nbns-server 192.168.99.246 master timeout 2 retry 2
 nbns-server 192.168.99.253 timeout 2 retry 2
 nbns-server 192.168.99.251 timeout 2 retry 2
tunnel-group Rete99 type remote-access
tunnel-group Rete99 general-attributes
 address-pool PoolRete99
tunnel-group Rete99 ipsec-attributes
 pre-shared-key *
tunnel-group Rete0 type remote-access
tunnel-group Rete0 general-attributes
 address-pool PoolReteZero
 default-group-policy grpRete0
tunnel-group Rete0 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:288dee06b46f76e71eb938803f9dce2b
0
All Courses

From novice to tech pro — start learning today.