Cisco AnyConnect on IOS 12.4(20)T


Solution 1

It turns out the Error: Invalid Archive part was the key thing. The archives were corrupt. I'd been using TFTPD32 as a basic TFTP server to transfer the AnyConnect package files to the router; somewhere along the line they got corrupted.

I discovered this by running verify flash:filename and by also trying to upgrade the IOS release; before reloading the system it automatically does a verify on the new IOS image, and sure enough the image was corrupt, too.

I switched to using an FTP server to copy my images (copy ftp://x.x.x.x/filename.pkg flash:/webvpn/filename.pkg) and the webvpn install svc command started working.
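Added example (not part of the original answer): a way to confirm that a package reached flash intact before running webvpn install svc, by comparing the MD5 of the local file with what the router reports. It assumes the IOS release supports verify /md5 flash:filename and prints a line of the form shown in the comment; the file name and transcript in the demo are constructed. MD5 is used here only to catch transfer corruption.

```python
import hashlib
import os
import re
import tempfile

# Assumed output line of `verify /md5 flash:<file>` on IOS:
#   verify /md5 (flash:/webvpn/name.pkg) = <32 hex digits>
VERIFY_RE = re.compile(r"verify /md5 \(([^)]+)\) = ([0-9a-fA-F]{32})")


def md5_of_file(path, chunk=65536):
    """MD5 of a local file, read in chunks so large images need little memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_verify_output(transcript):
    """Map basename -> MD5 for every verify line in a pasted router session."""
    found = {}
    for path, md5 in VERIFY_RE.findall(transcript):
        name = path.replace(":", "/").rsplit("/", 1)[-1]
        found[name] = md5.lower()
    return found


def check_transfers(local_paths, transcript):
    """Return {basename: 'match' | 'CORRUPT' | 'not verified on router'}."""
    on_router = parse_verify_output(transcript)
    report = {}
    for path in local_paths:
        name = os.path.basename(path)
        if name not in on_router:
            report[name] = "not verified on router"
        elif on_router[name] == md5_of_file(path):
            report[name] = "match"
        else:
            report[name] = "CORRUPT"
    return report


if __name__ == "__main__":
    # Constructed demo: a stand-in package file and a made-up router transcript.
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "windows_package_name.pkg")
        with open(pkg, "wb") as fh:
            fh.write(b"constructed package bytes")
        good = "verify /md5 (flash:/webvpn/windows_package_name.pkg) = " + md5_of_file(pkg)
        print(check_transfers([pkg], ".....Done!\n" + good))
```
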

Solution 2

I have a TAC case open to see if any good documentation exists for this, but I did get a basic installation up and running using SDM 2.5. Unfortunately SDM will NOT recognize that AnyConnect is installed even though it is. You will need to install the AnyConnect packages manually and then set up the rest in SDM.

First, install the AnyConnect packages. I use the Windows and Mac packages. TFTP them onto the router and install them using: (from conf t)

webvpn install svc flash:/windows_package_name.pkg sequence 1

webvpn install svc flash:/mac_package_name.pkg sequence 2

It will install and your config will have lines like this:

webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

webvpn install svc flash:/webvpn/svc_2.pkg sequence 2

Now you can go into SDM and run the wizard....

Hope this helps!

-Andy

Updating: I got a reply on my TAC case....here are the URLs Cisco sent me:

Here is the IOS SSL VPN Data Sheet that explains what features are available

www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html

Here is the IOS SSL VPN CLI Configuration Guide:

www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ssl_vpn.html

Here are several IOS SSL VPN Configuration Examples & TechNotes:

www.cisco.com/en/US/products/ps6657/prod_configuration_examples_list.html

Author by

Priyanjan

Software developer/ops geek at Socrata

Updated on September 17, 2022

Comments

  • Priyanjan
    Priyanjan over 1 year

    There are plenty of tutorials on setting up AnyConnect on an ASA unit, and a handful of links noting that IOS 12.4(15) and later support AnyConnect, but I can't seem to find any good documentation about how to set up AnyConnect on IOS; most tutorials assume you only want a clientless VPN on IOS. The best I've found is this document on Cisco's site, but it's not working for me in practice - see below.

    This is all on a Cisco 881W:

    router#show version | include Version
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(20)T1, RELEASE SOFTWARE (fc3)
    ROM: System Bootstrap, Version 12.4(15r)XZ2, RELEASE SOFTWARE (fc1)
    

    The old SSL VPN Client seems to install just fine:

    router#show webvpn install status svc  
    SSLVPN Package SSL-VPN-Client version installed:
    CISCO STC win2k+ 1.0.0 
    1,1,4,176
    Thu 08/16/2007 12:37:00.43 
    

    However, when I install the AnyConnect client, after authenticating it hangs for a while during the self-update process, and stops with an error that the "AnyConnect package unavailable or corrupted."

    When I try to install the AnyConnect package on the router, I'm told that it's an invalid archive:

    router(config)#webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg
    SSLVPN Package SSL-VPN-Client (seq:2): installed Error: Invalid Archive
    

    Does anyone have a good sample on how to get the 2.x AnyConnect clients working with a Cisco device running IOS?

  • Priyanjan
    Priyanjan over 14 years
    That's incorrect. The sslclient packages you're referring to are old; AnyConnect replaced the SSL VPN client in the 2.x releases. See the release notes for upgrading to AnyConnect 2.0 here: cisco.com/en/US/docs/security/vpn_client/anyconnect/…