GNS3
http://forum.gns3.net/

DTLS on asa 8.4.2 Not working help please
http://forum.gns3.net/topic8178.html

Author:  CMD [ Mon Jan 13, 2014 6:31 pm ]
Post subject:  DTLS on asa 8.4.2 Not working help please

Hi All

I have set up GNS3 and AnyConnect VPN on ASA 8.4.2,
and I want my users to connect with DTLS, but they connect with TLS.
I have enabled DTLS, but my users continue to connect via TLS.
How can I set AnyConnect to use DTLS?
Is it a bug in GNS3?
or
Is it a bug in the ASA image?
Please help me

Author:  CMD [ Mon Jan 13, 2014 6:31 pm ]
Post subject:  Re: DTLS on asa 8.4.2 Not working help please

DTLS enabled on:

• Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Access interfaces

• Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > AnyConnect client

• Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > AnyConnect client

• Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > AnyConnect client

And



Network Test: VMware And Physical Network

GNS3 Run On : Windows XP And 7 And 8 And Windows Server 2008 And Windows Server 2012

NIC Model : pcnet , e1000 , i82557b

ASA : 802 And 842

DTLS Port Test : 443 , 888 , 9999 , 1234 , 8888 , 443
HTTPS port Test : 443 , 443 , 9999 , 1234 , 8888 , 888

Methods Testing : AAA , Certificate , Both , Radius

All tests failed

DTLS Not Working


Log :


6|Jan 14 2014|15:05:27|302014|80.254.145.118|80|50.50.50.1|49172|Teardown TCP connection 191 for oustide:80.254.145.118/80 to inside:50.50.50.1/49172 duration 0:00:01 bytes 430 TCP FINs (admin)

6|Jan 14 2014|15:05:26|302014|80.254.145.118|80|50.50.50.1|49170|Teardown TCP connection 186 for oustide:80.254.145.118/80 to inside:50.50.50.1/49170 duration 0:00:04 bytes 72019 TCP FINs (admin)

6|Jan 14 2014|15:05:26|302015|50.50.50.1|51145|8.8.8.8|53|Built outbound UDP connection 193 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/51145 (50.50.50.1/51145) (admin)

6|Jan 14 2014|15:05:26|302015|50.50.50.1|63318|8.8.8.8|53|Built outbound UDP connection 192 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/63318 (50.50.50.1/63318) (admin)

6|Jan 14 2014|15:05:26|302013|50.50.50.1|49172|80.254.145.118|80|Built outbound TCP connection 191 for oustide:80.254.145.118/80 (80.254.145.118/80) to inside:50.50.50.1/49172 (50.50.50.1/49172) (admin)

6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).
6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:26|302015|50.50.50.1|64601|8.8.8.8|53|Built outbound UDP connection 190 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/64601 (50.50.50.1/64601) (admin)
6|Jan 14 2014|15:05:26|302015|50.50.50.1|59552|8.8.8.8|53|Built outbound UDP connection 189 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/59552 (50.50.50.1/59552) (admin)

6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).
6|Jan 14 2014|15:05:26|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:24|302014|80.254.145.100|443|50.50.50.1|49171|Teardown TCP connection 188 for oustide:80.254.145.100/443 to inside:50.50.50.1/49171 duration 0:00:01 bytes 3421 TCP FINs (admin)

6|Jan 14 2014|15:05:23|722036|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Transmitting large packet 1500 (threshold 1399).

6|Jan 14 2014|15:05:22|302013|50.50.50.1|49171|80.254.145.100|443|Built outbound TCP connection 188 for oustide:80.254.145.100/443 (80.254.145.100/443) to inside:50.50.50.1/49171 (50.50.50.1/49171) (admin)

6|Jan 14 2014|15:05:22|302015|50.50.50.1|138|50.50.50.255|138|Built outbound UDP connection 187 for oustide:50.50.50.255/138 (50.50.50.255/138) to inside:50.50.50.1/138 (50.50.50.1/138) (admin)

6|Jan 14 2014|15:05:22|302013|50.50.50.1|49170|80.254.145.118|80|Built outbound TCP connection 186 for oustide:80.254.145.118/80 (80.254.145.118/80) to inside:50.50.50.1/49170 (50.50.50.1/49170) (admin)

6|Jan 14 2014|15:05:22|302015|50.50.50.1|56882|8.8.8.8|53|Built outbound UDP connection 185 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/56882 (50.50.50.1/56882) (admin)

6|Jan 14 2014|15:05:20|302015|8.8.8.8|53|50.50.50.1|55836|Built inbound UDP connection 184 for inside:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/55836 (50.50.50.1/55836)

6|Jan 14 2014|15:05:19|302015|50.50.50.1|55836|8.8.8.8|53|Built outbound UDP connection 183 for oustide:8.8.8.8/53 (8.8.8.8/53) to inside:50.50.50.1/55836 (50.50.50.1/55836) (admin)

6|Jan 14 2014|15:05:17|725003|192.168.10.244|65026|||SSL client inside:192.168.10.244/65026 request to resume previous session.

6|Jan 14 2014|15:05:17|302015|50.50.50.1|137|50.50.50.255|137|Built outbound UDP connection 182 for oustide:50.50.50.255/137 (50.50.50.255/137) to inside:50.50.50.1/137 (50.50.50.1/137) (admin)


6|Jan 14 2014|15:05:17|725001|192.168.10.244|65026|||Starting SSL handshake with client inside:192.168.10.244/65026 for DTLSv1 session.


6|Jan 14 2014|15:05:17|302015|192.168.10.244|65026|192.168.10.9|443|Built inbound UDP connection 181 for inside:192.168.10.244/65026 (192.168.10.244/65026) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:15|734001|||||DAP: User admin, Addr 192.168.10.244, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
4|Jan 14 2014|15:05:15|722051|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> Address <50.50.50.1> assigned to session
6|Jan 14 2014|15:05:15|722022|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> TCP SVC connection established without compression
5|Jan 14 2014|15:05:15|722033|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> First TCP SVC connection established for SVC session.
4|Jan 14 2014|15:05:15|722041|||||TunnelGroup <User> GroupPolicy <DfltGrpPolicy> User <admin> IP <192.168.10.244> No IPv6 address available for SVC connection
6|Jan 14 2014|15:05:15|737006|||||IPAA: Local pool request succeeded for tunnel-group 'User'
6|Jan 14 2014|15:05:15|737026|||||IPAA: Client assigned 50.50.50.1 from local pool
5|Jan 14 2014|15:05:15|737003|||||IPAA: DHCP configured, no viable servers found for tunnel-group 'User'


6|Jan 14 2014|15:05:15|725002|192.168.10.244|49169|||Device completed SSL handshake with client inside:192.168.10.244/49169


6|Jan 14 2014|15:05:15|725001|192.168.10.244|49169|||Starting SSL handshake with client inside:192.168.10.244/49169 for TLSv1 session.
6|Jan 14 2014|15:05:15|302013|192.168.10.244|49169|192.168.10.9|443|Built inbound TCP connection 180 for inside:192.168.10.244/49169 (192.168.10.244/49169) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:10|302014|192.168.10.244|49166|192.168.10.9|443|Teardown TCP connection 179 for inside:192.168.10.244/49166 to identity:192.168.10.9/443 duration 0:00:00 bytes 4888 TCP Reset-I

6|Jan 14 2014|15:05:10|725007|192.168.10.244|49166|||SSL session with client inside:192.168.10.244/49166 terminated.
6|Jan 14 2014|15:05:09|113039|||||Group <DfltGrpPolicy> User <admin> IP <192.168.10.244> AnyConnect parent session started.
6|Jan 14 2014|15:05:09|734001|||||DAP: User admin, Addr 192.168.10.244, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
6|Jan 14 2014|15:05:09|113008|||||AAA transaction status ACCEPT : user = admin
6|Jan 14 2014|15:05:09|113009|||||AAA retrieved default group policy (DfltGrpPolicy) for user = admin
6|Jan 14 2014|15:05:09|113012|||||AAA user authentication Successful : local database : user = admin
6|Jan 14 2014|15:05:09|725002|192.168.10.244|49166|||Device completed SSL handshake with client inside:192.168.10.244/49166
6|Jan 14 2014|15:05:09|725003|192.168.10.244|49166|||SSL client inside:192.168.10.244/49166 request to resume previous session.
6|Jan 14 2014|15:05:09|725001|192.168.10.244|49166|||Starting SSL handshake with client inside:192.168.10.244/49166 for TLSv1 session.

6|Jan 14 2014|15:05:09|302013|192.168.10.244|49166|192.168.10.9|443|Built inbound TCP connection 179 for inside:192.168.10.244/49166 (192.168.10.244/49166) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:04|302014|192.168.10.244|49165|192.168.10.9|443|Teardown TCP connection 178 for inside:192.168.10.244/49165 to identity:192.168.10.9/443 duration 0:00:00 bytes 1145 TCP Reset-I

6|Jan 14 2014|15:05:04|725007|192.168.10.244|49165|||SSL session with client inside:192.168.10.244/49165 terminated.
6|Jan 14 2014|15:05:04|725002|192.168.10.244|49165|||Device completed SSL handshake with client inside:192.168.10.244/49165
6|Jan 14 2014|15:05:04|725003|192.168.10.244|49165|||SSL client inside:192.168.10.244/49165 request to resume previous session.
6|Jan 14 2014|15:05:04|725001|192.168.10.244|49165|||Starting SSL handshake with client inside:192.168.10.244/49165 for TLSv1 session.

6|Jan 14 2014|15:05:04|302013|192.168.10.244|49165|192.168.10.9|443|Built inbound TCP connection 178 for inside:192.168.10.244/49165 (192.168.10.244/49165) to identity:192.168.10.9/443 (192.168.10.9/443)

6|Jan 14 2014|15:05:03|302014|192.168.10.244|49164|192.168.10.9|443|Teardown TCP connection 177 for inside:192.168.10.244/49164 to identity:192.168.10.9/443 duration 0:00:00 bytes 587 TCP Reset-I

6|Jan 14 2014|15:05:03|725007|192.168.10.244|49164|||SSL session with client inside:192.168.10.244/49164 terminated.
6|Jan 14 2014|15:05:02|725002|192.168.10.244|49164|||Device completed SSL handshake with client inside:192.168.10.244/49164
6|Jan 14 2014|15:05:02|725001|192.168.10.244|49164|||Starting SSL handshake with client inside:192.168.10.244/49164 for TLSv1 session.

6|Jan 14 2014|15:05:02|302013|192.168.10.244|49164|192.168.10.9|443|Built inbound TCP connection 177 for inside:192.168.10.244/49164 (192.168.10.244/49164) to identity:192.168.10.9/443 (192.168.10.9/443)
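
Added example (not part of the original post): a small Python triage script that pairs each 725001 "Starting SSL handshake" line with a 725002 "Device completed SSL handshake" line for the same client endpoint and reports DTLS handshakes that never completed. It assumes the pipe-delimited export format shown in the log above and that a completed DTLS handshake logs 725002 for the same client address/port, as the TLS handshakes in the log do; the function names are this example's own.

```python
import re

# Three lines excerpted from the log in the post (export format:
# severity|date|time|message-id|src|sport|dst|dport|text), newest first.
SAMPLE = """\
6|Jan 14 2014|15:05:17|725001|192.168.10.244|65026|||Starting SSL handshake with client inside:192.168.10.244/65026 for DTLSv1 session.
6|Jan 14 2014|15:05:15|725002|192.168.10.244|49169|||Device completed SSL handshake with client inside:192.168.10.244/49169
6|Jan 14 2014|15:05:15|725001|192.168.10.244|49169|||Starting SSL handshake with client inside:192.168.10.244/49169 for TLSv1 session.
"""

START = re.compile(r"Starting SSL handshake with client (\S+) for (\S+) session")
DONE = re.compile(r"Device completed SSL handshake with client (\S+)")


def handshake_status(log_text):
    """Map each client endpoint with a 725001 start to its protocol and
    whether a 725002 completion was logged for the same endpoint."""
    started, completed = {}, set()
    for line in log_text.splitlines():
        fields = line.strip().split("|", 8)
        if len(fields) < 9:
            continue  # blank, wrapped, or non-log line
        msg_id, text = fields[3], fields[8]
        if msg_id == "725001" and (m := START.search(text)):
            started[m.group(1)] = m.group(2)
        elif msg_id == "725002" and (m := DONE.search(text)):
            completed.add(m.group(1))
    # Order-independent: the export is newest-first, so completions are
    # seen before their starts.
    return {c: {"proto": p, "completed": c in completed}
            for c, p in started.items()}


def stalled_dtls(log_text):
    """Endpoints whose DTLS handshake started but never completed."""
    return sorted(c for c, s in handshake_status(log_text).items()
                  if s["proto"].startswith("DTLS") and not s["completed"])


if __name__ == "__main__":
    for endpoint in stalled_dtls(SAMPLE):
        print("DTLS handshake started but not completed:", endpoint)
```

Endpoints are keyed by interface:address/port, so a capture long enough for the client to reuse a source port should be split per session before it is fed in.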

All times are UTC