cassini12


Cisco ASA5505 VPN Access

Hi All

I have had the Cisco ASA5505 set up as the firewall for my company for about 3 years. Without issue, I have been able to use Cisco AnyConnect to connect remotely to my network, etc. For some reason, I now get a message stating "anyconnect not enabled on the vpn server". My sh run webvpn is below.

Free memory:        71697768 bytes (27%)
Used memory:       196737688 bytes (73%)
-------------     ----------------
Total memory:      268435456 bytes (100%)
5505ASA# sh run webvpn
webvpn
 enable outside
 anyconnect-essentials
 svc enable
 tunnel-group-list enable
5505ASA#
If I go through the ASDM wizard and attempt to install the SSL VPN via AnyConnect, I get an error as shown in the screenshot below (File write error check disk space), which I do not understand, as the cache-fs they say to use does not exist.

It's a small office, with only the AnyConnect, ASDM, and asa.bin files on it and a small running config, so I am lost as to why I cannot add AnyConnect, especially when it has always worked.

sh disk 0 is also shown below.

5505ASA# sh disk
--#--  --length--  -----date/time------  path
    3  4096        May 17 2013 13:51:48  log
   13  4096        Aug 13 2017 15:29:23  coredumpinfo
   12  4096        Aug 29 2009 07:33:22  crypto_archive
   97  16459776    May 17 2013 13:47:00  asa822-k8.bin
   98  11869456    May 17 2013 13:49:32  asdm-625-53.bin
   99  35167466    Mar 03 2014 10:04:32  anyconnect-win-3.1.05152-k9.pkg

127111168 bytes total (28049408 bytes free)

SH VER BELOW


5505ASA# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(5)53

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"

5505ASA up 35 mins 20 secs

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04


Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 20, DMZ Unrestricted
Inside Hosts                   : Unlimited
Failover                       : Active/Standby
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 25
Dual ISPs                      : Enabled
VLAN Trunk Ports               : 8
Shared License                 : Enabled
AnyConnect for Mobile          : Enabled
AnyConnect for Cisco VPN Phone : Enabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Enabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Enabled

This platform has an ASA 5505 Security Plus license.

Serial Number: Z2X3

Configuration register is 0x1

THANK YOU FOR ANY HELP!!
NOSPACEASA.png
NOSPACEASA2.png
arnold

Do you have a pair of ASAs in HA configuration? Double check that both have AnyConnect enabled and the IP to which AnyConnect is bound; perhaps you have one active for traffic, while the other is the VPN endpoint.
cassini12

ASKER

Hi, I do not; this is a single ASA setup. Thank you though.
Double check the external IP you are connecting to and the external IP configured for AnyConnect.
The IP is correct. I can PuTTY to the same IP, etc. Also, the ASA, as shown, states AnyConnect is not enabled, and weirder, it has worked for years without issue.
Did you apply updates recently, ssh into the system might not be the same, or conflict.  

Listen, you have the access to the device, if you can ssh into it while attempting to establish a VPN, check the logs on both the client side what it shows and the server side.

I am not in a position to give you a definitive answer.
First, you have not posted the configuration, so......


Look in coredumps; there seems to be recent activity.....
Look at the suggestion the first error offered, using cache-fs to raise memory... by allocating it from the flash.
Issue a

'show run webvpn'

You should see something like....

webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/{The package you have in flash I can't see the name of}.pkg 1
 anyconnect enable

Pete
5505ASA# sh run webvpn
webvpn
 enable outside
 anyconnect-essentials
 svc enable
 tunnel-group-list enable


I do not see that, and I think that's the whole issue, as when I try to "install it" it gives me a disk space error. I need to know how I can create more space, since I do have the file in flash; I just get the screenshot error about space when I try to install it. And again, cache-fs is not available on my ASA, so I cannot do that.
My SH FLASH

--#--  --length--  -----date/time------  path
    3  4096        May 17 2013 13:51:48  log
   13  4096        Aug 13 2017 15:29:23  coredumpinfo
   12  4096        Aug 29 2009 07:33:22  crypto_archive
   97  16459776    May 17 2013 13:47:00  asa822-k8.bin
   98  11869456    May 17 2013 13:49:32  asdm-625-53.bin
   99  35167466    Mar 03 2014 10:04:32  anyconnect-win-3.1.05152-k9.pkg
ASKER CERTIFIED SOLUTION
Pete Long
Ok this is starting to get better, but see below for what happened and TY for your help

5505ASA(config-webvpn)# svc ?

webvpn mode commands/options:
  enable    Enable SSL VPN Client
  image     SSL VPN Client package file path
  profiles  AC profiles package filepath.
5505ASA(config-webvpn)# svc ima
5505ASA(config-webvpn)# svc image ?

webvpn mode commands/options:
  disk0:  SSL VPN Client package file path
  flash:  SSL VPN Client package file path
5505ASA(config-webvpn)# svc image disk0:/anyconnect-win-3.1.05152-k9.pkg 1
ERROR: File write error (check disk space)
ERROR: Unable to load SVC image - increase disk space via the 'cache-fs' command
5505ASA(config-webvpn)#
Wondering if I really have to just upgrade the memory or if even possible the internal flash

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB


5505ASA#  sh mem
Free memory:        66977424 bytes (25%)
Used memory:       201458032 bytes (75%)
-------------     ----------------
Total memory:      268435456 bytes (100%)
OK, I've never seen this myself; looks like a bug.

See https://supportforums.cisco.com/discussion/11270531/cannot-find-asa-cache-fs-command

Looks like the fix is to upgrade to 8.2(5).

Pete
OK, I figured out the solution. Thank you all for your help guiding me to it.
In the end, I had to remove AnyConnect 3.1 and upload AnyConnect 2.5.

2.5 is only 4mb
3.0 and above are over 30mb.

It instantly worked when I applied 2.5.

TY ALL
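
The two symptoms in this thread (no client image line under webvpn, and a .pkg larger than the free flash) can be checked from the pasted CLI output. The following is an added example, not code from the thread or from Cisco; the function names are hypothetical, and the size comparison is a heuristic taken from this thread's outcome, not a documented ASA limit.

```python
import re

# Output copied from the posts above (ASA 8.2(2)); disk listing shortened.
SHOW_RUN_WEBVPN = """\
webvpn
 enable outside
 anyconnect-essentials
 svc enable
 tunnel-group-list enable
"""

SHOW_DISK = """\
--#--  --length--  -----date/time------  path
    3  4096        May 17 2013 13:51:48  log
   97  16459776    May 17 2013 13:47:00  asa822-k8.bin
   98  11869456    May 17 2013 13:49:32  asdm-625-53.bin
   99  35167466    Mar 03 2014 10:04:32  anyconnect-win-3.1.05152-k9.pkg

127111168 bytes total (28049408 bytes free)
"""

# 'svc image' is the form the asker's ASA accepts; 'anyconnect image' is the form Pete posted.
IMAGE_RE = re.compile(r"^\s*(?:svc|anyconnect) image (\S+)", re.M)
ENTRY_RE = re.compile(r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]+\s+(\S+)\s*$", re.M)
FREE_RE = re.compile(r"\((\d+) bytes free\)")

def configured_images(webvpn_cfg):
    """Return package paths referenced by 'svc image' / 'anyconnect image'."""
    return IMAGE_RE.findall(webvpn_cfg)

def parse_disk(listing):
    """Return ({path: size_in_bytes}, free_bytes) from 'show disk' output."""
    files = {path: int(size) for size, path in ENTRY_RE.findall(listing)}
    m = FREE_RE.search(listing)
    if m is None:
        raise ValueError("no 'bytes free' summary line found")
    return files, int(m.group(1))

def audit(webvpn_cfg, listing):
    """List findings that match the symptoms reported in the thread."""
    findings = []
    files, free = parse_disk(listing)
    if not configured_images(webvpn_cfg):
        findings.append("no client image configured under webvpn")
    # Heuristic (assumption): a package bigger than free flash is suspect.
    for path, size in files.items():
        if path.endswith(".pkg") and size > free:
            findings.append(f"{path}: {size} bytes exceeds {free} bytes free")
    return findings
```

Calling `audit(SHOW_RUN_WEBVPN, SHOW_DISK)` on the output above returns both findings.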