

All times are UTC




 Post subject: DTLS on asa 8.4.2 Not working help please
PostPosted: Mon Jan 13, 2014 6:31 pm 
Hi All

I have set up GNS3 and AnyConnect VPN on ASA 8.4.2,
and I want my users to connect with DTLS, but they connect with TLS.
I have enabled DTLS, but my users continue to connect via TLS.
How can I set AnyConnect to use DTLS?
Is it a bug in GNS3?
or
Is it a bug in the ASA image?
Please help me




 Post subject: Re: DTLS on asa 8.4.2 Not working help please
PostPosted: Mon Jan 13, 2014 6:31 pm 
DTLS enabled on :

•Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Access interfaces

•Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > Anyconnect client

•Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > Anyconnect client

•Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > Anyconnect client

And



Network Test: VMware And Physical Network

GNS3 Run On : Windows XP And 7 And 8 And Windows Server 2008 And Windows Server 2012

NIC Model : pcnet , e1000 , i82557b

ASA : 802 And 842

DTLS Port Test : 443 , 888 , 9999 , 1234 , 8888 , 443
HTTPS port Test : 443 , 443 , 9999 , 1234 , 8888 , 888

Methods Testing : AAA , Certificate , Both , Radius

All testing failed

DTLS not working


Log :


6|Jan 14 2014|15:05:27|302014|80.254.145.118|80|50.50.50.1|49172|Teardown TCP connection 191 for oustide:80.254.145.118/80 to inside:50.50.50.1/49172 duration 0:00:01 bytes 430 TCP FINs (admin)

6|Jan 14 2014|15:05:26|302014|80.254.145.118|80|50.50.50.1|49170|Teardown TCP connection 186 for oustide:80.254.145.118/80 to inside:50.50.50.1/49170 duration 0:00:04 bytes 72019 TCP FINs (admin)

6|Jan 14 2014|15:05:26|302015|50.50.50.1|51145|8.8.8.8|53|Built outbound UDP connection 193 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/51145 (50.50.50.1/51145) (admin)

6|Jan 14 2014|15:05:26|302015|50.50.50.1|63318|8.8.8.8|53|Built outbound UDP connection 192 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/63318 (50.50.50.1/63318) (admin)

6|Jan 14 2014|15:05:26|302013|50.50.50.1|49172|80.254.145.118|80|Built outbound TCP connection 191 for oustide:80.254.145.118/80 (80.254.145.118/80) to inside:50.50.50.1/49172 (50.50.50.1/49172) (admin)

6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).
6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:26|302015|50.50.50.1|64601|8.8.8.8|53|Built outbound UDP connection 190 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/64601 (50.50.50.1/64601) (admin)
6|Jan 14 2014|15:05:26|302015|50.50.50.1|59552|8.8.8.8|53|Built outbound UDP connection 189 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/59552 (50.50.50.1/59552) (admin)

6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).
6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:24|302014|80.254.145.100|443|50.50.50.1|49171|Teardown TCP connection 188 for oustide:80.254.145.100/443 to inside:50.50.50.1/49171 duration 0:00:01 bytes 3421 TCP FINs (admin)

6|Jan 14 2014|15:05:23|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:22|302013|50.50.50.1|49171|80.254.145.100|443|Built outbound TCP connection 188 for oustide:80.254.145.100/443 (80.254.145.100/443) to inside:50.50.50.1/49171 (50.50.50.1/49171) (admin)

6|Jan 14 2014|15:05:22|302015|50.50.50.1|138|50.50.50.255|138|Built outbound UDP connection 187 for oustide:50.50.50.255/138 (50.50.50.255/138) to inside:50.50.50.1/138 (50.50.50.1/138) (admin)

6|Jan 14 2014|15:05:22|302013|50.50.50.1|49170|80.254.145.118|80|Built outbound TCP connection 186 for oustide:80.254.145.118/80 (80.254.145.118/80) to inside:50.50.50.1/49170 (50.50.50.1/49170) (admin)

6|Jan 14 2014|15:05:22|302015|50.50.50.1|56882|8.8.8.8|53|Built outbound UDP connection 185 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/56882 (50.50.50.1/56882) (admin)

6|Jan 14 2014|15:05:20|302015|8.8.8.8|53|50.50.50.1|55836|Built inbound UDP connection 184 for inside:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/55836 (50.50.50.1/55836)

6|Jan 14 2014|15:05:19|302015|50.50.50.1|55836|8.8.8.8|53|Built outbound UDP connection 183 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/55836 (50.50.50.1/55836) (admin)

6|Jan 14 2014|15:05:17|725003|192.168.10.244|65026|||SSL client inside:192.168.10.244/65026 request to resume previous session.

6|Jan 14 2014|15:05:17|302015|50.50.50.1|137|50.50.50.255|137|Built outbound UDP connection 182 for oustide:50.50.50.255/137 (50.50.50.255/137) to inside:50.50.50.1/137 (50.50.50.1/137) (admin)


6|Jan 14 2014|15:05:17|725001|192.168.10.244|65026|||Starting SSL handshake with client inside:192.168.10.244/65026 for DTLSv1 session.


6|Jan 14 2014|15:05:17|302015|192.168.10.244|65026|192.168.10.9|443|Built inbound UDP connection 181 for inside:192.168.10.244/65026 (192.168.10.244/65026) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:15|734001|||||DAP: User admin, Addr 192.168.10.244, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
4|Jan 14 2014|15:05:15|722051|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Address <50.50.50.1> assigned to session
6|Jan 14 2014|15:05:15|722022|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> TCP SVC connection established without compression
5|Jan 14 2014|15:05:15|722033|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> First TCP SVC connection established for SVC session.
4|Jan 14 2014|15:05:15|722041|||||TunnelGroup <User> GroupPolicy <DfltGrpPolicy> User <admin> IP <192.168.10.244> No IPv6 address available for SVC connection
6|Jan 14 2014|15:05:15|737006|||||IPAA: Local pool request succeeded for tunnel-group 'User'
6|Jan 14 2014|15:05:15|737026|||||IPAA: Client assigned 50.50.50.1 from local pool
5|Jan 14 2014|15:05:15|737003|||||IPAA: DHCP configured, no viable servers found for tunnel-group 'User'


6|Jan 14 2014|15:05:15|725002|192.168.10.244|49169|||Device completed SSL handshake with client inside:192.168.10.244/49169


6|Jan 14 2014|15:05:15|725001|192.168.10.244|49169|||Starting SSL handshake with client inside:192.168.10.244/49169 for TLSv1 session.
6|Jan 14 2014|15:05:15|302013|192.168.10.244|49169|192.168.10.9|443|Built inbound TCP connection 180 for inside:192.168.10.244/49169 (192.168.10.244/49169) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:10|302014|192.168.10.244|49166|192.168.10.9|443|Teardown TCP connection 179 for inside:192.168.10.244/49166 to identity:192.168.10.9/443 duration 0:00:00 bytes 4888 TCP Reset-I

6|Jan 14 2014|15:05:10|725007|192.168.10.244|49166|||SSL session with client inside:192.168.10.244/49166 terminated.
6|Jan 14 2014|15:05:09|113039|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> AnyConnect parent session started.
6|Jan 14 2014|15:05:09|734001|||||DAP: User admin, Addr 192.168.10.244, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
6|Jan 14 2014|15:05:09|113008|||||AAA transaction status ACCEPT : user = admin
6|Jan 14 2014|15:05:09|113009|||||AAA retrieved default group policy (DfltGrpPolicy) for user = admin
6|Jan 14 2014|15:05:09|113012|||||AAA user authentication Successful : local database : user = admin
6|Jan 14 2014|15:05:09|725002|192.168.10.244|49166|||Device completed SSL handshake with client inside:192.168.10.244/49166
6|Jan 14 2014|15:05:09|725003|192.168.10.244|49166|||SSL client inside:192.168.10.244/49166 request to resume previous session.
6|Jan 14 2014|15:05:09|725001|192.168.10.244|49166|||Starting SSL handshake with client inside:192.168.10.244/49166 for TLSv1 session.

6|Jan 14 2014|15:05:09|302013|192.168.10.244|49166|192.168.10.9|443|Built inbound TCP connection 179 for inside:192.168.10.244/49166 (192.168.10.244/49166) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:04|302014|192.168.10.244|49165|192.168.10.9|443|Teardown TCP connection 178 for inside:192.168.10.244/49165 to identity:192.168.10.9/443 duration 0:00:00 bytes 1145 TCP Reset-I

6|Jan 14 2014|15:05:04|725007|192.168.10.244|49165|||SSL session with client inside:192.168.10.244/49165 terminated.
6|Jan 14 2014|15:05:04|725002|192.168.10.244|49165|||Device completed SSL handshake with client inside:192.168.10.244/49165
6|Jan 14 2014|15:05:04|725003|192.168.10.244|49165|||SSL client inside:192.168.10.244/49165 request to resume previous session.
6|Jan 14 2014|15:05:04|725001|192.168.10.244|49165|||Starting SSL handshake with client inside:192.168.10.244/49165 for TLSv1 session.

6|Jan 14 2014|15:05:04|302013|192.168.10.244|49165|192.168.10.9|443|Built inbound TCP connection 178 for inside:192.168.10.244/49165 (192.168.10.244/49165) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:03|302014|192.168.10.244|49164|192.168.10.9|443|Teardown TCP connection 177 for inside:192.168.10.244/49164 to identity:192.168.10.9/443 duration 0:00:00 bytes 587 TCP Reset-I

6|Jan 14 2014|15:05:03|725007|192.168.10.244|49164|||SSL session with client inside:192.168.10.244/49164 terminated.
6|Jan 14 2014|15:05:02|725002|192.168.10.244|49164|||Device completed SSL handshake with client inside:192.168.10.244/49164
6|Jan 14 2014|15:05:02|725001|192.168.10.244|49164|||Starting SSL handshake with client inside:192.168.10.244/49164 for TLSv1 session.

6|Jan 14 2014|15:05:02|302013|192.168.10.244|49164|192.168.10.9|443|Built inbound TCP connection 177 for inside:192.168.10.244/49164 (192.168.10.244/49164) to identity:192.168.10.9/443 (192.168.10.9/443)
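
An added example, not part of the original post: one way to read a log export like the one above is to pair each 725001 "Starting SSL handshake" line with a 725002 "Device completed SSL handshake" line for the same client endpoint, and list DTLS handshakes that never complete. The sample lines are constructed in the post's pipe-delimited format with placeholder addresses, and the function names are hypothetical.

```python
import re

# 725001 / 725002 message texts as they appear in the posted log.
START = re.compile(r"Starting SSL handshake with client (\S+) for (\S+) session")
DONE = re.compile(r"Device completed SSL handshake with client (\S+)")

# Constructed sample (newest line first, like the post), placeholder addresses.
SAMPLE = """\
6|Jan 14 2014|15:05:17|725003|192.0.2.10|65026|||SSL client inside:192.0.2.10/65026 request to resume previous session.
6|Jan 14 2014|15:05:17|725001|192.0.2.10|65026|||Starting SSL handshake with client inside:192.0.2.10/65026 for DTLSv1 session.
6|Jan 14 2014|15:05:15|725002|192.0.2.10|49169|||Device completed SSL handshake with client inside:192.0.2.10/49169
6|Jan 14 2014|15:05:15|725001|192.0.2.10|49169|||Starting SSL handshake with client inside:192.0.2.10/49169 for TLSv1 session.
"""

def handshake_status(log_text):
    """Map each client endpoint to (protocol, completed)."""
    status = {}
    for line in log_text.splitlines():
        # severity|date|time|id|src|sport|dst|dport|text
        fields = line.strip().split("|", 8)
        if len(fields) < 9:
            continue  # blank or wrapped line
        msg_id, text = fields[3], fields[8]
        if msg_id == "725001":
            m = START.search(text)
            if m:
                # Order-independent: the export may list the completion first.
                status.setdefault(m.group(1), ["unknown", False])[0] = m.group(2)
        elif msg_id == "725002":
            m = DONE.search(text)
            if m:
                status.setdefault(m.group(1), ["unknown", False])[1] = True
    return {ep: (proto, done) for ep, (proto, done) in status.items()}

def incomplete_dtls(log_text):
    """Endpoints where a DTLS handshake started but no completion was logged."""
    return sorted(ep for ep, (proto, done) in handshake_status(log_text).items()
                  if proto.startswith("DTLS") and not done)

if __name__ == "__main__":
    for ep in incomplete_dtls(SAMPLE):
        print("DTLS handshake started but not completed:", ep)
```
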



