Cisco AnyConnect "unable establish VPN"

I have a Cisco AnyConnect VPN Client that autenticate the user but after a while it raise a "Unable to establish VPN". I'm able to connect to the same asa 5505 through webvpn anyconnect link.
ersistemiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

billwhartonCommented:
does it work with the regular ipsec vpn client for windows xp? try it out with that and let me know

also paste your asa configuration here
0
ersistemiAuthor Commented:
It works with cisco vpn client  ver 5, with regular ipsec. It works with anyconnect launched from portal web interface, but not with Anyconnect regular program.
This is the asa configuration:

:: Saved
: Written by enable_15 at 14:58:56.422 CEST Thu Jan 31 2008
!
ASA Version 8.0(2)
!
hostname ercisco
domain-name ersistemi.it
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.99.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 78.4.19.125 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.0.254 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name ersistemi.it
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool PoolReteZero 192.168.0.130-192.168.0.140 mask 255.255.255.0
ip local pool PoolRete99 192.168.99.210-192.168.99.220 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 192.168.99.0 255.255.255.0 outside
nat (dmz) 0 192.168.0.0 255.255.255.0 outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 78.4.19.121 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http 192.168.99.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service internal
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.99.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!

no threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
!
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.4.177-anyconnect.pkg 1
 svc enable
group-policy DfltGrpPolicy attributes
 banner value Benvenuti in ER Sistemi !
 wins-server value 192.168.99.246
 dns-server value 192.168.99.246
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 ipsec-udp enable
 default-domain value ersistemi.it
 nac-settings value DfltGrpPolicy-nac-framework-create
 address-pools value PoolRete99
 webvpn
  url-list value ER
  svc dpd-interval client 120
  svc dpd-interval gateway 120
  svc ask enable default webvpn timeout 20
  hidden-shares visible
group-policy grpRete0 internal
group-policy grpRete0 attributes
 wins-server value 192.168.0.220
 dns-server value 192.168.0.220
 address-pools value PoolReteZero
username pippo password Ft5ionP1YNFP7sh9 encrypted
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 nbns-server 192.168.99.246 master timeout 2 retry 2
 nbns-server 192.168.99.253 timeout 2 retry 2
 nbns-server 192.168.99.251 timeout 2 retry 2
tunnel-group Rete99 type remote-access
tunnel-group Rete99 general-attributes
 address-pool PoolRete99
tunnel-group Rete99 ipsec-attributes
 pre-shared-key *
tunnel-group Rete0 type remote-access
tunnel-group Rete0 general-attributes
 address-pool PoolReteZero
 default-group-policy grpRete0
tunnel-group Rete0 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:288dee06b46f76e71eb938803f9dce2b
0
ersistemiAuthor Commented:
I've installed the last Anyconnect version.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.