I have a small problem with the VPN configuration on an ASA 5555-X.
A quick overview of what the topology looks like:
http://pl.tinypic.com/view.php?pic=fcuq ... KcIf_mLTRY
1. Routing OK
2. ICMP - pings work
3. TCP ping - OK
4. ACL OK (any any RFC1918)
On the outside interface, over HTTPS, I can see that WebVPN is listening.
I have an account created locally and it appears to work; the problem is with LDAP.
Configuration
The ldap attribute-map has also been implemented.
ldap attribute-map GLO-GB-POOL-SELECTION
 map-value memberOf "CN=TEST-VPN,OU=Network VLANs,OU=Groups,OU=Managed,DC=GLO,DC=GB" TEST-ANYCONNECT
group-policy TEST-ANYCONNECT internal
group-policy TEST-ANYCONNECT attributes
 wins-server none
 dns-server value 10.44.240.16 10.44.240.18
 vpn-filter value TESTTEMPACNET
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy excludespecified
 split-tunnel-network-list value DEV-SPLIT-TUNNEL
 default-domain value glo.gb
 split-tunnel-all-dns disable
 address-pools value TEST
ip local pool TEST 10.44.169.50-10.44.169.55 mask 255.255.255.0
access-list TESTTEMPACNET extended permit ip any4 any4 log
Debug
What on earth is going on that I can't authenticate against AD? (Microsoft Windows)
ENTER SESS_Mgmt_CreateSession < 01483EF9 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3 < 01650EA9 < 00433022 < 01B44540
ENTER SESS_Mgmt_CheckLicenseLimitReached < 01483481 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3
ENTER SESS_Mgmt_CalculateLicenseLimit < 0147D371 < 01483446 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D
ENTER SESS_Mgmt_CalculateLicenseLimit < 0147D371 < 01483456 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D
ENTER SESS_Util_CreateSession < 01477FF9 < 01483F99 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3 < 01650EA9 < 00433022
ENTER SESS_Mgmt_FreeSessionFileLineFunc < 0147FEA9 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A < 0179AEB1 < 01789410
SESS_Mgmt_FreeSessionFileLineFunc: Index=0x001A6000 ACTIVE @ aaa_shim_utils.c:252@aaa_shim_cleanup_auth_ctx
ENTER SESS_Mgmt_RemoveSessionFromTunnelGroup < 01493229 < 0147FA46 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A
ENTER SESS_Util_DeleteUser < 01495AE9 < 0147FA55 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A < 0179AEB1 < 01789410
ENTER SESS_Mgmt_CreateSession < 01483EF9 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3 < 01650EA9 < 00433022 < 01B44540
ENTER SESS_Mgmt_CheckLicenseLimitReached < 01483481 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3
ENTER SESS_Mgmt_CalculateLicenseLimit < 0147D371 < 01483446 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D
ENTER SESS_Mgmt_CalculateLicenseLimit < 0147D371 < 01483456 < 0148396E < 01483F30 < 0043B727 < 00436FD0 < 0165169C < 0165173D
ENTER SESS_Util_CreateSession < 01477FF9 < 01483F99 < 0043B727 < 00436FD0 < 0165169C < 0165173D < 0164CDC3 < 01650EA9 < 00433022
ENTER SESS_Mgmt_FreeSessionFileLineFunc < 0147FEA9 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A < 0179AEB1 < 01789410
SESS_Mgmt_FreeSessionFileLineFunc: Index=0x001A7000 ACTIVE @ aaa_shim_utils.c:252@aaa_shim_cleanup_auth_ctx
ENTER SESS_Mgmt_RemoveSessionFromTunnelGroup < 01493229 < 0147FA46 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A
ENTER SESS_Util_DeleteUser < 01495AE9 < 0147FA55 < 0043B2BC < 0043773E < 00432E4A < 01B43A48 < 0178852A < 0179AEB1 < 01789410
I hope I'll get a good hint.
Regards