SSL VPN Access no Longer working with ASA 5505


I upgraded the license for my ASA 5505 because I need ulimited inside hosts. Everything seemed fine after I reloaded the device however, we are now having problems with our webVPN.  I'm getting the following message when trying to login from a web browser.

"Clientless (browser) SSL VPN access is not allowed"
Mark SmithSr. Manager ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jonathan BriteSystem AdminCommented:
this happened to me as well when upgrading my license.  You may need to open a TAC case to get a new license that has all the features you need.
Jonathan BriteSystem AdminCommented:
Jonathan BriteSystem AdminCommented:
this should help as well....

my guess is you need to run the command "no anyconnect-essentials" as you probably want to be using AnyConnect Premium.  This allows you to do that without a reload or anything.

Can you post back your show version so I can see what licenses are enabled?  Also, what OS are you on.
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Mark SmithSr. Manager ITAuthor Commented:
Hi Jonathan,

I have not tried the command yet but here is my version info.

AlzASA# show version

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

AlzASA up 12 hours 26 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Int: Internal-Data0/0    : address is 001e.1313.1a0c, irq 11
 1: Ext: Ethernet0/0         : address is 001e.1313.1a04, irq 255
 2: Ext: Ethernet0/1         : address is 001e.1313.1a05, irq 255
 3: Ext: Ethernet0/2         : address is 001e.1313.1a06, irq 255
 4: Ext: Ethernet0/3         : address is 001e.1313.1a07, irq 255
 5: Ext: Ethernet0/4         : address is 001e.1313.1a08, irq 255
 6: Ext: Ethernet0/5         : address is 001e.1313.1a09, irq 255
 7: Ext: Ethernet0/6         : address is 001e.1313.1a0a, irq 255
 8: Ext: Ethernet0/7         : address is 001e.1313.1a0b, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 20, DMZ Unrestricted
Inside Hosts                   : Unlimited
Failover                       : Active/Standby
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 25
Dual ISPs                      : Enabled
VLAN Trunk Ports               : 8
Shared License                 : Disabled
AnyConnect for Mobile          : Enabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5505 Security Plus license.

Serial Number: JMX1142Z1DY
Running Activation Key: 0xad0bfe59 0x48d5e71a 0x35127014 0xe3246818 0x450fc59a
Configuration register is 0x1
Configuration has not been modified since last system restart.
Jonathan BriteSystem AdminCommented:
it looks like your running an AnyConnect Essentials license on your ASA which doesn't support Clientless SSL VPN.

There are 2 types of SSL VPN license:

1) AnyConnect Essentials license - only supports AnyConnect client connections

2) AnyConnect Premium license (user base license) - supports all SSL VPN, including: clientless SSL VPN, AnyConnect client VPN, and all the advanced features of SSL VPN.

Hope that answers your question.  You may want to open a TAC case to get the proper license files you need to get everything functioning again.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark SmithSr. Manager ITAuthor Commented:
Interesting, I will contact the vendor and let you know the results.

Thank you,
Mark SmithSr. Manager ITAuthor Commented:
Hi Jonathan,

Thank you!  A new license key was added to the firewall and we are good.
Mark SmithSr. Manager ITAuthor Commented:

Thanks for the advice, I really appreciate it.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.