1 Reply Latest reply: Feb 28, 2019 2:38 PM by Loc Nguyen RSS

    ASA Anyconnect- We have issue when using iphone as a hotspot

    Loc Nguyen

      Hi,

       

      We have issue when using  my iphone as a hotspot  to anyconnect to a customer.

       

      When I use normal internet, it works well.

       

      I still can use my iphone as a hotspot for other customers with the same laptop.

       

      Do you think it is the issue with the ASA config or ASA's licese?

       

      Please let me know if you need more information.

       

      Below is the show version:

       

      asa# show version


      Cisco Adaptive Security Appliance Software Version 9.9(2)

      Firepower Extensible Operating System Version 2.3(1.84)

      Device Manager Version 7.9(2)152


      Compiled on Sun 25-Mar-18 17:29 PDT by builders

      System image file is "disk0:/asa992-lfbff-k8.SPA"

      Config file at boot was "startup-config"


      asa up 1 day 22 hours


      Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)

      Internal ATA Compact Flash, 8000MB

      BIOS Flash M25P64 @ 0xfed01000, 16384KB


      Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)

                                   Number of accelerators: 1


      1: Ext: GigabitEthernet1/1  : address is e00e.da8b.c49d, irq 255

      2: Ext: GigabitEthernet1/2  : address is e00e.da8b.c49e, irq 255

      3: Ext: GigabitEthernet1/3  : address is e00e.da8b.c49f, irq 255

      4: Ext: GigabitEthernet1/4  : address is e00e.da8b.c4a0, irq 255

      5: Ext: GigabitEthernet1/5  : address is e00e.da8b.c4a1, irq 255

      6: Ext: GigabitEthernet1/6  : address is e00e.da8b.c4a2, irq 255

      7: Ext: GigabitEthernet1/7  : address is e00e.da8b.c4a3, irq 255

      8: Ext: GigabitEthernet1/8  : address is e00e.da8b.c4a4, irq 255

      9: Int: Internal-Data1/1    : address is e00e.da8b.c49c, irq 255

      10: Int: Internal-Data1/2    : address is 0000.0001.0002, irq 0

      11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0

      12: Int: Internal-Data1/3    : address is 0000.0001.0003, irq 0

      13: Ext: Management1/1       : address is e00e.da8b.c49c, irq 0

      14: Int: Internal-Data1/4    : address is 0000.0100.0001, irq 0


      Licensed features for this platform:

      Maximum Physical Interfaces       : Unlimited      perpetual

      Maximum VLANs                     : 5              perpetual

      Inside Hosts                      : Unlimited      perpetual

      Failover                          : Disabled       perpetual

      Encryption-DES                    : Enabled        perpetual

      Encryption-3DES-AES               : Enabled        perpetual

      Carrier                           : Disabled       perpetual

      AnyConnect Premium Peers          : 50             perpetual

      AnyConnect Essentials             : Disabled       perpetual

      Other VPN Peers                   : 10             perpetual

      Total VPN Peers                   : 50             perpetual

      AnyConnect for Mobile             : Enabled        perpetual

      AnyConnect for Cisco VPN Phone    : Enabled        perpetual

      Advanced Endpoint Assessment      : Enabled        perpetual

      Shared License                    : Disabled       perpetual

      Total TLS Proxy Sessions          : 2              perpetual

      Botnet Traffic Filter             : Disabled       perpetual

      Cluster                           : Disabled       perpetual


      This platform has a Base license.


      Serial Number:

      Running Permanent Activation Key:

      Configuration register is 0x1

      Image type                : Release

      Key Version               : A

       

      Thanks

       

      Loc

                 

         
        • 1. Re: ASA Anyconnect- We have issue when using iphone as a hotspot
          Loc Nguyen

          Below is the log file when it has issue:

           

          107.77.222.76 is ip of my iphone.

          166.255.x.x is the ip of the ASA.

           

           

          %ASA-7-725012: Device chooses cipher ECDHE-RSA-AES256-GCM-SHA384 for the SSL session with client WAN:107.77.222.76/56999 to 166.255.x.x/443


          %ASA-6-725016: Device selects trust-point ASDM_TrustPoint0 for client WAN:107.77.222.76/56999 to 166.255.x.x/443


          %ASA-4-313005: No matching connection for ICMP error message: icmp src WAN:107.77.222.76 dst identity:166.255.x.x (type 11, code 1) on WAN interface.  Original IP payload: tcp src 166.255.x.x/443 dst 107.77.222.76/60831.


          %ASA-3-313001: Denied ICMP type=11, code=1 from 107.77.222.76 on interface WAN

          %ASA-6-302020: Built inbound ICMP connection for faddr 107.77.222.76/0 gaddr 166.255.x.x/0 laddr 166.255.x.x/0 type 11 code 1

          %ASA-6-302021: Teardown ICMP connection for faddr 107.77.222.76/0 gaddr 166.255.x.x/0 laddr 166.255.x.x/0 type 11 code 1


          %ASA-4-313005: No matching connection for ICMP error message: icmp src WAN:107.77.222.76 dst identity:166.255.x.x (type 11, code 1) on WAN interface.  Original IP payload: tcp src 166.255.x.x/443 dst 107.77.222.76/60831.


          %ASA-3-313001: Denied ICMP type=11, code=1 from 107.77.222.76 on interface WAN

          %ASA-4-313005: No matching connection for ICMP error message: icmp src WAN:107.77.222.76 dst identity:166.255.x.x (type 11, code 1) on WAN interface.  Original IP payload: tcp src 166.255.x.x/443 dst 107.77.222.76/60831.