ASA anyconnect configuration issue

I currently have a Cisco ASA 5520 with a working AnyConnect VPN configuration. I'd like to set up my 5510 as a separate backup VPN connection. After running through the setup process via ASDM I can connect in to the 5510 VPN, but not authenticate. After looking at both configurations I realize I need to add a cert, for which I was going to set up a self-signed cert in the interim. Other than that, what else am I missing in this setup?

ASA ver 9.1(3) for both devices. Both devices have the appropriate licenses.
5510VPN-Clean.txt
5520VPN-Clean.txt
travisryanAsked:
travisryanAuthor Commented:
The config for the 5510 has been updated and is attached. To be clear, I'm getting the error "login failed" when I try to log in with the AnyConnect client on a Win 8 machine.

I've tried multiple AD names and passwords, and the local admin password just in case it wasn't connecting to AD. I've since tested the AD LDAP connection in the ASDM and it does seem to be able to read groups from AD. Any help is appreciated.
5510VPN-v2-Clean.txt
travisryanAuthor Commented:
Still having issues today. To be clear, I can connect to my site with the AnyConnect client; it's just that when I try to log in, with any login, it gives me "log in failed".
travisryanAuthor Commented:
At this point I'm also trying to debug the connection as well as comparing configurations. Adding:

logging class auth console debugging
logging class webvpn console debugging
logging class ssl console debugging
logging class svc console debugging

didn't show anything in my logs when I attempted to connect. Neither did adding:

debug web anyconnect 255

On my Windows 8 test machine, I only see "user credentials entered, login failed" on the "message history" tab of the AnyConnect client. Is there any other place I should be looking to see what's actually failing?
travisryanAuthor Commented:
The web page I have redirected to the outside interface of my ASA won't come up in the browser, but I can ping it. I wouldn't think this would make a difference because my error message isn't something about not connecting, it's about not being able to log in with a user account. Again it's even more strange because I can even use the few local accounts I have on the ASA, so it's not like the list of allowed users is somehow pointing to the local database instead of hitting LDAP and AD.
travisryanAuthor Commented:
OK, I got everything cleared up except for something that should be simple. On my working setup there's a web page I direct users to when they're outside the company. This page lets them log in and download the AnyConnect client. I can't seem to find where that option is. Can someone help me?
travisryanAuthor Commented:
Things I've tried:

I'm comparing the 5510 configuration to a 5520 configuration that's working correctly and every "webvpn" section in the non-working config matches up with the sections in the working config.

There's no mention of svc in either config.

Through the ASDM, I connect into the working device and the inherit checkbox is checked on the Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Edit > Advanced > AnyConnect Client > Login settings page.

What am I missing?
travisryanAuthor Commented:
When I navigate to the page, nothing shows up. When I ping the page from outside the firewall, pings return with the right IP.
travisryanAuthor Commented:
I got everything working except for the ASDM doesn't work on the 5510 when it did before. It looks like it's an earlier version 6.2(1) than the 7.1(5) version on the 5520.
travisryanAuthor Commented:
I went to the SSL VPN service page, it shows 6.2(1). I SSH into the 5510, the asdm-715 image is in there. I delete it out for safe measure and re-transfer it. Then I set it to be the asdm image and delete out the asdm-621.bin file.

I go back to the SSL VPN service page, it still shows 6.2(1)! And it still won't let me connect in from my other ASDM application already running. When I try to add it as another device I get "could not open device". When I try to download the launcher from the 6.2(1) page and connect in, it gives me an "unable to connect".

Either there's something I'm missing here or I just need to reboot the device to get it working properly.