Cisco AnyConnect on IOS 12.4(20)T
Solution 1
It turns out the Error: Invalid Archive
part was the key thing. The archives were corrupt. I'd been using TFTPD32 as a basic TFTP server to transfer the AnyConnect package files to the router; somewhere along the line they got corrupted.
I discovered this by running verify flash:filename
and by also trying to upgrade the IOS release; before reloading the system it automatically does a verify on the new IOS image, and sure enough the image was corrupt, too.
I switched to using an FTP server to copy my images (copy ftp://x.x.x.x/filename.pkg flash:/webvpn/filename.pkg
) and the webvpn install svc
command started working.
Solution 2
I have a TAC case open to see if any good documentation exists for this, but I did get a basic installation up and running using SDM 2.5. Unfortunately SDM will NOT recognize that Anyconnect is installed even though it is. You will need to install the Anyconnect packages manually and then setup the rest in SDM.
First...install Anyconnect packages. I use the Window and Mac packages. TFTP them onto the router and install them using: (from conf t)
webvpn install svc flash:/windows_package_name.pkg sequence 1
webvpn install svc flash:/mac_package_name.pkg sequence 2
It will install and your config will have lines like this:
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install svc flash:/webvpn/svc_2.pkg sequence 2
Now you can go into SDM and run the wizard....
Hope this helps!
-Andy
Updating: I got a reply on my TAC case....here are the URLs Cisco sent me:
Here is the IOS SSL VPN Data Sheet that explains what features are available
www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html
Here is the IOS SSL VPN CLI Configuration Guide:
www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ssl_vpn.html
Here are several IOS SSL VPN Configuration Examples & TechNotes:
www.cisco.com/en/US/products/ps6657/prod_configuration_examples_list.html
Related videos on Youtube
Comments
-
Priyanjan over 1 year
There are plenty of tutorials on setting up AnyConnect on an ASA unit, and a handful of links noting that IOS 12.4(15) and later support AnyConnect, but I can't seem to find any good documentation about how to setup AnyConnect on IOS; most tutorials assume you only want a clientless VPN on IOS. the best I've found is this document on Cisco's site, but it's not working for me in practice - see below.
This is all on a Cisco 881W:
router#show version | include Version Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(20)T1, RELEASE SOFTWARE (fc3) ROM: System Bootstrap, Version 12.4(15r)XZ2, RELEASE SOFTWARE (fc1)
The old SSL VPN Client seems to install just fine:
router#show webvpn install status svc SSLVPN Package SSL-VPN-Client version installed: CISCO STC win2k+ 1.0.0 1,1,4,176 Thu 08/16/2007 12:37:00.43
However, when I install the AnyConnect client, after authenticating it hangs for a while during the self-update process, and stops with an error that the "AnyConnect package unavailable or corrupted."
When I try to install the AnyConnect package on the router, I'm told that it's an invalid archive:
router(config)#webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg SSLVPN Package SSL-VPN-Client (seq:2): installed Error: Invalid Archive
Does anyone have a good sample on how to get the 2.x AnyConnect clients working with a Cisco device running IOS?
-
Priyanjan over 14 yearsThat's incorrect. The sslclient packages you're referring to are old; AnyConnect replaced the SSL VPN client in the 2.x releases. See the release notes for upgrading to AnyConnect 2.0 here: cisco.com/en/US/docs/security/vpn_client/anyconnect/…