Solved

Cisco Anyconnect rejecting connection

Posted on 2016-08-10
Last Modified: 2016-08-16
I have set up AnyConnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard. IOS is 8.3 and anyconnect-win-3.1.05170-k9.pkg. When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.  The following message was received from the secure gateway: Host or network is 0.

Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?

Thanks.
0
Question by:davebird
LVL 14

Expert Comment

by:SIM50
ID: 41750409
Is IP pool assigned? Is it exhausted?
0
 

Accepted Solution

by:davebird
ID: 41750412
Yes.
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
No one can connect, so no IPs are in use. Network IP scheme is on 192.168.50.x, so no conflict on IPs either.

thank you.
0
 

Author Comment

by:davebird
ID: 41750417
This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool

username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
 vpn-group-policy AnyConnect
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41750427
Would you post your full vpn config please?
0
 

Author Comment

by:davebird
ID: 41750446
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
http server enable
webvpn
 port 444
 enable outside
 svc image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
 dns-server value 192.168.50.5
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
 vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect

I believe that's it.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41750475
Can you please try the following:

group-policy AnyConnect attributes
 vpn-tunnel-protocol ipsec svc
0
 

Author Closing Comment

by:davebird
ID: 41757611
Two issues I had missed.  I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).
0
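
A way to check a pasted config for the two omissions named in the closing comment, as an added example that is not part of the original thread: the Python below audits an abridged copy of the posted config and a constructed corrected version. The `address-pools value` and `nat (inside,outside) source static ...` lines and the object name OBJ-Inside-Subnet are assumptions; the thread does not show the exact commands the author added.

```python
import ipaddress
import re

# Abridged from the config posted in the thread.
POSTED = """\
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
group-policy AnyConnect attributes
 vpn-tunnel-protocol svc
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
"""
# Constructed additions (assumed, not from the thread); OBJ-Inside-Subnet is a hypothetical name.
FIXED = POSTED + """\
object network OBJ-Inside-Subnet
 subnet 192.168.50.0 255.255.255.0
group-policy AnyConnect attributes
 address-pools value Anyconnect-pool
nat (inside,outside) source static OBJ-Inside-Subnet OBJ-Inside-Subnet destination static OBJ-Anyconnect-Subnet OBJ-Anyconnect-Subnet
"""

def sections(config):
    """Map each top-level command to its indented sub-commands; repeated headers merge."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(config):
    """Return findings for the two omissions named in the closing comment."""
    sec, findings, pool_objs = sections(config), [], set()
    pools = {n: ipaddress.ip_address(a) for n, a in re.findall(r"^ip local pool (\S+) ([\d.]+)-", config, re.M)}
    for line, subs in sec.items():
        if m := re.fullmatch(r"group-policy (\S+) attributes", line):
            assigned = {p for s in subs if s.startswith("address-pools value ") for p in s.split()[2:]}
            if not pools.keys() & assigned:
                findings.append(f"group-policy {m.group(1)}: no address pool assigned")
        elif m := re.fullmatch(r"object network (\S+)", line):
            nets = [ipaddress.ip_network("/".join(s.split()[1:3])) for s in subs if s.startswith("subnet ")]
            if any(a in n for n in nets for a in pools.values()):
                pool_objs.add(m.group(1))  # this object covers a VPN pool address
    if not any(pool_objs & set(l.split()) for l in sec if l.startswith("nat (inside,outside) ")):
        findings.append("no nat (inside,outside) rule references the VPN pool subnet")
    return findings
```

`audit(POSTED)` reports both omissions and `audit(FIXED)` reports none.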

Question has a verified solution.
