Configuring SSL VPN for Anyconnect

Posted on November 28, 2010

0



The AnyConnect client provides remote end users running Microsoft Vista, Windows XP or Windows 2000, Linux, or Macintosh OS X, with the benefits of a Cisco SSL VPN client, and supports applications and functions unavailable to a clientless, browser-based SSL VPN connection. In addition, the AnyConnect client supports IPv6 over an IPv4 network.

The AnyConnect client can be installed manually on the remote PC by the system administrator. It can also be loaded onto the security appliance and made ready for download to remote users. After downloading, it can automatically uninstall itself after the connection terminates, or it can remain on the remote PC for future SSL VPN connections.

In the following example I configure ssl vpn with rsa secureid and then with certificate. It is possible to configure both of them in the same time.

First you need to upload the image files for svc. I already did that and configured as well. I uploaded 2 kinf of images, one for linux and one for windows.

# sh webvpn svc
1. disk0:/anyconnect-linux-2.5.2001-k9.pkg 1 dyn-regex=/Linux i[1-9]86/
CISCO STC Linux
2.5.2001
Thu Oct 21 12:25:16 MDT 2010 

2. disk0:/anyconnect-win-2.5.2001-k9.pkg 2 dyn-regex=/Windows NT/
CISCO STC win2k+
2,5,2001
Thu 10/21/2010 12:45:51.87

2 SSL VPN Client(s) installed

In the first example we use for authentication an RSA Secureid.

webvpn
port 444
enable outside
dtls port 444
svc image disk0:/anyconnect-linux-2.5.2001-k9.pkg 1
svc image disk0:/anyconnect-win-2.5.2001-k9.pkg 2
svc enable
tunnel-group-list enable
!
group-policy MyVpnPolicy2 internal
group-policy MyVpnPolicy2 attributes
wins-server value 2.2.2.2 3.3.3.3
dns-server value 4.4.4.4 5.5.5.5
dhcp-network-scope 6.6.6.0
vpn-tunnel-protocol svc
default-domain value mycompany.com
!
tunnel-group AnyconnectTest type remote-access
tunnel-group AnyconnectTest general-attributes
authentication-server-group (outside) mysdigrp
default-group-policy MyVpnPolicy2
dhcp-server 8.8.8.8
tunnel-group AnyconnectTest webvpn-attributes
authentication aaa
group-alias SSLVPNClient enable
!
aaa-server mysdigrp protocol sdi
aaa-server mysdigrp (inside) host 10.10.10.10 mykey

In the following example we use a certificate for the ssl vpn. Lets assume that the trustpoint and the client certificate is already configured.
For the certificate creation part the following document can help:
https://itsecworks.wordpress.com/2010/11/22/certificate-based-vpn/

webvpn
port 444
enable outside
dtls port 444
svc image disk0:/anyconnect-linux-2.5.2001-k9.pkg 1
svc image disk0:/anyconnect-win-2.5.2001-k9.pkg 2
svc enable
tunnel-group-list enable
certificate-group-map MyCM 5 AnyconnectTest
!
group-policy MyVpnPolicy2 internal
group-policy MyVpnPolicy2 attributes
wins-server value 2.2.2.2 3.3.3.3
dns-server value 4.4.4.4 5.5.5.5
dhcp-network-scope 6.6.6.0
vpn-tunnel-protocol svc
default-domain value mycompany.com
!
tunnel-group AnyconnectTest type remote-access
tunnel-group AnyconnectTest general-attributes
default-group-policy MyVpnPolicy2
dhcp-server 8.8.8.8
tunnel-group AnyconnectTest webvpn-attributes
authentication certificate
group-alias SSLVPNClient enable
!
ssl encryption rc4-md5 3des-sha1 aes128-sha1 aes256-sha1
ssl trust-point mytrustpoint outside
ssl certificate-authentication interface outside port 444
!
crypto ca certificate map MyCM 5
issuer-name co root

The successful login looks like the following, in the log.

# term mon
Nov 29 2010 08:30:09: %ASA-5-111008: User ‘enable_15’ executed the ‘terminal monitor’ command.
Nov 29 2010 08:30:13: %ASA-6-302013: Built inbound TCP connection 37306 for outside:81.57.28.18/1133 (81.57.28.18/1133) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:13: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1133 for TLSv1 session.
Nov 29 2010 08:30:13: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:13: %ASA-7-725008: SSL client outside:81.57.28.18/1133 proposes the following 8 cipher(s).
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:13: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1133
Nov 29 2010 08:30:13: %ASA-6-302014: Teardown TCP connection 37306 for outside:81.57.28.18/1133 to identity:13.13.13.13/444 duration 0:00:00 bytes 2666 TCP Reset-I
Nov 29 2010 08:30:13: %ASA-6-302013: Built inbound TCP connection 37307 for outside:81.57.28.18/1134 (81.57.28.18/1134) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:13: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1134 for TLSv1 session.
Nov 29 2010 08:30:13: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:13: %ASA-7-725008: SSL client outside:81.57.28.18/1134 proposes the following 8 cipher(s).
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:13: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:13: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1134
Nov 29 2010 08:30:13: %ASA-7-717025: Validating certificate chain containing 1 certificate(s).
Nov 29 2010 08:30:13: %ASA-7-717029: Identified client certificate within certificate chain. serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU.
Nov 29 2010 08:30:13: %ASA-7-717030: Found a suitable trustpoint fwasa_ms_cert to validate certificate.
Nov 29 2010 08:30:13: %ASA-6-717022: Certificate was successfully validated. serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU.
Nov 29 2010 08:30:13: %ASA-6-717028: Certificate chain was successfully validated with warning, revocation status was not checked.
Nov 29 2010 08:30:13: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1134
Nov 29 2010 08:30:14: %ASA-6-725007: SSL session with client outside:81.57.28.18/1134 terminated.
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37307 for outside:81.57.28.18/1134 to identity:13.13.13.13/444 duration 0:00:00 bytes 3050 TCP Reset-I
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37308 for outside:81.57.28.18/1135 (81.57.28.18/1135) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1135 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:14: %ASA-7-725008: SSL client outside:81.57.28.18/1135 proposes the following 8 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1135
Nov 29 2010 08:30:14: %ASA-7-717025: Validating certificate chain containing 1 certificate(s).
Nov 29 2010 08:30:14: %ASA-7-717029: Identified client certificate within certificate chain. serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU.
Nov 29 2010 08:30:14: %ASA-7-717030: Found a suitable trustpoint fwasa_ms_cert to validate certificate.
Nov 29 2010 08:30:14: %ASA-6-717022: Certificate was successfully validated. serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU.
Nov 29 2010 08:30:14: %ASA-6-717028: Certificate chain was successfully validated with warning, revocation status was not checked.
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1135
Nov 29 2010 08:30:14: %ASA-7-717036: Looking for a tunnel group match based on certificate maps for peer certificate with serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU, issuer_name: cn=Mycompany MS ROOT CA,dc=Mycompany,dc=Co.
Nov 29 2010 08:30:14: %ASA-7-717038: Tunnel group match found. Tunnel Group: AnyconnectTest, Peer certificate: serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU, issuer_name: cn=Mycompany MS ROOT CA,dc=Mycompany,dc=Co.
Nov 29 2010 08:30:14: %ASA-6-113009: AAA retrieved default group policy (MyVpnPolicy2) for user = Testuser1
Nov 29 2010 08:30:14: %ASA-7-717036: Looking for a tunnel group match based on certificate maps for peer certificate with serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU, issuer_name: cn=Mycompany MS ROOT CA,dc=Mycompany,dc=Co.
Nov 29 2010 08:30:14: %ASA-7-717038: Tunnel group match found. Tunnel Group: AnyconnectTest, Peer certificate: serial number: 6129BBD6000000000003, subject name: ea=Testuser1@mycompany.hu,cn=Testuser1,ou=Networking,o=Mycompany AG,l=Budapest,st=Budapest,c=HU, issuer_name: cn=Mycompany MS ROOT CA,dc=Mycompany,dc=Co.
Nov 29 2010 08:30:14: %ASA-6-716038: Group User IP <81.57.28.18> Authentication: successful, Session Type: WebVPN.
Nov 29 2010 08:30:14: %ASA-7-734003: DAP: User , Addr 81.57.28.18: Session Attribute aaa.cisco.tunnelgroup = AnyconnectTest
Nov 29 2010 08:30:14: %ASA-6-734001: DAP: User , Addr 81.57.28.18, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
Nov 29 2010 08:30:14: %ASA-6-716001: Group User IP <81.57.28.18> WebVPN session started.
Nov 29 2010 08:30:14: %ASA-7-720041: (VPN-Primary) Sending Create WebVPN Session message user Testuser1, IP 81.57.28.18 to standby unit
Nov 29 2010 08:30:14: %ASA-7-720041: (VPN-Primary) Sending WebVPN Session Mgr Data message Session Index 3833857 to standby unit
Nov 29 2010 08:30:14: %ASA-6-725007: SSL session with client outside:81.57.28.18/1135 terminated.
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37308 for outside:81.57.28.18/1135 to identity:13.13.13.13/444 duration 0:00:00 bytes 3458 TCP FINs
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37309 for outside:81.57.28.18/1136 (81.57.28.18/1136) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1136 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:14: %ASA-7-725008: SSL client outside:81.57.28.18/1136 proposes the following 8 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1136
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37309 for outside:81.57.28.18/1136 to identity:13.13.13.13/444 duration 0:00:00 bytes 2666 TCP Reset-I
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37310 for outside:81.57.28.18/1137 (81.57.28.18/1137) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1137 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:14: %ASA-7-725008: SSL client outside:81.57.28.18/1137 proposes the following 8 cipher(s).
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:14: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:14: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1137
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1137
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37311 for outside:81.57.28.18/1138 (81.57.28.18/1138) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1138 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-6-725003: SSL client outside:81.57.28.18/1138 request to resume previous session.
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1138
Nov 29 2010 08:30:14: %ASA-6-725007: SSL session with client outside:81.57.28.18/1137 terminated.
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37310 for outside:81.57.28.18/1137 to identity:13.13.13.13/444 duration 0:00:00 bytes 10798 TCP Reset-I
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37312 for outside:81.57.28.18/1139 (81.57.28.18/1139) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1139 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-6-725003: SSL client outside:81.57.28.18/1139 request to resume previous session.
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1139
Nov 29 2010 08:30:14: %ASA-6-725007: SSL session with client outside:81.57.28.18/1138 terminated.
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37311 for outside:81.57.28.18/1138 to identity:13.13.13.13/444 duration 0:00:00 bytes 234 TCP Reset-I
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37313 for outside:81.57.28.18/1140 (81.57.28.18/1140) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1140 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-6-725003: SSL client outside:81.57.28.18/1140 request to resume previous session.
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1140
Nov 29 2010 08:30:14: %ASA-6-725007: SSL session with client outside:81.57.28.18/1139 terminated.
Nov 29 2010 08:30:14: %ASA-6-302014: Teardown TCP connection 37312 for outside:81.57.28.18/1139 to identity:13.13.13.13/444 duration 0:00:00 bytes 8361 TCP Reset-I
Nov 29 2010 08:30:14: %ASA-6-302013: Built inbound TCP connection 37314 for outside:81.57.28.18/1141 (81.57.28.18/1141) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:14: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1141 for TLSv1 session.
Nov 29 2010 08:30:14: %ASA-6-725003: SSL client outside:81.57.28.18/1141 request to resume previous session.
Nov 29 2010 08:30:14: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1141
Nov 29 2010 08:30:15: %ASA-6-302013: Built inbound TCP connection 37315 for outside:81.57.28.18/1143 (81.57.28.18/1143) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:15: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1143 for TLSv1 session.
Nov 29 2010 08:30:15: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:15: %ASA-7-725008: SSL client outside:81.57.28.18/1143 proposes the following 8 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:15: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1143
Nov 29 2010 08:30:15: %ASA-6-302014: Teardown TCP connection 37315 for outside:81.57.28.18/1143 to identity:13.13.13.13/444 duration 0:00:00 bytes 2666 TCP Reset-I
Nov 29 2010 08:30:15: %ASA-6-302013: Built inbound TCP connection 37316 for outside:81.57.28.18/1144 (81.57.28.18/1144) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:15: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1144 for TLSv1 session.
Nov 29 2010 08:30:15: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:15: %ASA-7-725008: SSL client outside:81.57.28.18/1144 proposes the following 8 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : RC4-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
Nov 29 2010 08:30:15: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1144
Nov 29 2010 08:30:15: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1144
Nov 29 2010 08:30:15: %ASA-6-302013: Built inbound TCP connection 37317 for outside:81.57.28.18/1146 (81.57.28.18/1146) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:15: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1146 for TLSv1 session.
Nov 29 2010 08:30:15: %ASA-7-725010: Device supports the following 4 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : AES128-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : AES256-SHA
Nov 29 2010 08:30:15: %ASA-7-725008: SSL client outside:81.57.28.18/1146 proposes the following 6 cipher(s).
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[1] : AES256-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[2] : AES128-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[4] : RC4-SHA
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[5] : RC4-MD5
Nov 29 2010 08:30:15: %ASA-7-725011: Cipher[6] : DES-CBC-SHA
Nov 29 2010 08:30:15: %ASA-7-725012: Device chooses cipher : RC4-MD5 for the SSL session with client outside:81.57.28.18/1146
Nov 29 2010 08:30:15: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1146
Nov 29 2010 08:30:15: %ASA-7-737001: IPAA: Received message ‘UTL_IP_[IKE_]ADDR_REQ’
Nov 29 2010 08:30:15: %ASA-6-737017: IPAA: DHCP request attempt 1 succeeded
Nov 29 2010 08:30:15: %ASA-6-737005: IPAA: DHCP configured, request succeeded for tunnel-group ‘AnyconnectTest’
Nov 29 2010 08:30:15: %ASA-3-106014: Deny inbound icmp src inside:8.8.8.8 dst inside:6.6.6.144 (type 8, code 0)
Nov 29 2010 08:30:16: %ASA-6-302015: Built inbound UDP connection 37318 for inside:8.8.8.8/67 (8.8.8.8/67) to identity:6.6.6.0/67 (6.6.6.0/67)
Nov 29 2010 08:30:16: %ASA-7-720041: (VPN-Primary) Sending New DHCP Lease message (server 8.8.8.8, request 0.0.0.0, assigned 6.6.6.144) to standby unit
Nov 29 2010 08:30:16: %ASA-7-737001: IPAA: Received message ‘UTL_IP_DHCP_ADDR’
Nov 29 2010 08:30:16: %ASA-7-720041: (VPN-Primary) Sending Update SVC Addr Data message Session Index 3833856 to standby unit
Nov 29 2010 08:30:16: %ASA-7-609001: Built local-host outside 6.6.6.144
Nov 29 2010 08:30:16: %ASA-5-722033: Group User IP <81.57.28.18> First TCP SVC connection established for SVC session.
Nov 29 2010 08:30:16: %ASA-6-722022: Group User IP <81.57.28.18> TCP SVC connection established without compression
Nov 29 2010 08:30:16: %ASA-7-720041: (VPN-Primary) Sending WebVPN Session Mgr Data message Session Index 3833858 to standby unit
Nov 29 2010 08:30:16: %ASA-4-722051: Group User IP <81.57.28.18> Address <6.6.6.144> assigned to session
Nov 29 2010 08:30:16: %ASA-6-734001: DAP: User , Addr 81.57.28.18, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
Nov 29 2010 08:30:17: %ASA-6-302015: Built inbound UDP connection 37320 for outside:81.57.28.18/1152 (81.57.28.18/1152) to identity:13.13.13.13/444 (13.13.13.13/444)
Nov 29 2010 08:30:17: %ASA-6-725001: Starting SSL handshake with client outside:81.57.28.18/1152 for DTLSv1 session.
Nov 29 2010 08:30:17: %ASA-6-725003: SSL client outside:81.57.28.18/1152 request to resume previous session.
Nov 29 2010 08:30:17: %ASA-6-725002: Device completed SSL handshake with client outside:81.57.28.18/1152
Nov 29 2010 08:30:17: %ASA-5-722033: Group User IP <81.57.28.18> First UDP SVC connection established for SVC session.
Nov 29 2010 08:30:17: %ASA-6-722022: Group User IP <81.57.28.18> UDP SVC connection established without compression
Nov 29 2010 08:30:17: %ASA-7-720041: (VPN-Primary) Sending WebVPN Session Mgr Data message Session Index 3833859 to standby unit
Nov 29 2010 08:30:17: %ASA-6-106012: Deny IP from 6.6.6.144 to 224.0.0.22, IP options: “Router Alert”
Nov 29 2010 08:30:17: %ASA-7-710006: IGMP request discarded from 6.6.6.144 to outside:224.0.0.22
Nov 29 2010 08:30:18: %ASA-6-302014: Teardown TCP connection 37316 for outside:81.57.28.18/1144 to identity:13.13.13.13/444 duration 0:00:02 bytes 4013 TCP Reset-O
Nov 29 2010 08:30:18: %ASA-6-725007: SSL session with client outside:81.57.28.18/1144 terminated.

With the show commands we can check our logged in users.

# show vpn-sessiondb svc
.
Session Type: SVC
Username :Testuser1  Index : 930
Assigned IP : 6.6.6.144 Public IP : 81.57.28.18
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
License : SSL VPN
Encryption : 3DES RC4 Hashing : MD5 SHA1
Bytes Tx : 19985 Bytes Rx : 4735
Group Policy : MyVpnPolicy2 Tunnel Group : AnyconnectTest
Login Time : 08:17:10 GMT Mon Nov 29 2010
Duration : 0h:03m:48s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none

And if the user successfully disconnects, we should see that in the logs.

Nov 29 2010 08:32:17: %ASA-6-302016: Teardown UDP connection 37320 for outside:81.57.28.18/1152 to identity:13.13.13.13/444 duration 0:02:00 bytes 2255
Nov 29 2010 08:32:17: %ASA-6-725007: SSL session with client outside:81.57.28.18/1152 terminated.
Nov 29 2010 08:32:17: %ASA-6-722023: Group User IP <81.57.28.18> UDP SVC connection terminated without compression
Nov 29 2010 08:32:17: %ASA-5-722012: Group User IP <81.57.28.18> SVC Message: 16/NOTICE: The user has requested to disconnect the connection..
Nov 29 2010 08:32:17: %ASA-7-720041: (VPN-Primary) Sending Delete WebVPN Session message user Testuser1, IP 81.57.28.18 to standby unit
Nov 29 2010 08:32:17: %ASA-5-722037: Group User IP <81.57.28.18> SVC closing connection: User Requested.
Nov 29 2010 08:32:17: %ASA-6-716002: Group User IP <81.57.28.18> WebVPN session terminated: User Requested.
Nov 29 2010 08:32:17: %ASA-4-113019: Group = AnyconnectTest, Username = Testuser1, IP = 81.57.28.18, Session disconnected. Session Type: SSL, Duration: 0h:02m:04s, Bytes xmt: 19985, Bytes rcv: 4832, Reason: User Requested
Nov 29 2010 08:32:17: %ASA-6-737015: IPAA: Freeing DHCP address 6.6.6.144
Nov 29 2010 08:32:17: %ASA-7-720041: (VPN-Primary) Sending Delete DHCP Lease message (dhcp handle 0x978da2f) to standby unit
Nov 29 2010 08:32:17: %ASA-6-722023: Group User IP <81.57.28.18> TCP SVC connection terminated without compression
Nov 29 2010 08:32:17: %ASA-6-725007: SSL session with client outside:81.57.28.18/1146 terminated.
Nov 29 2010 08:32:17: %ASA-6-302014: Teardown TCP connection 37317 for outside:81.57.28.18/1146 to identity:13.13.13.13/444 duration 0:02:02 bytes 3575 TCP Reset-I
Advertisements
Posted in: ASA, Cisco, Security, VPN