Link to home
Start Free TrialLog in
Avatar of David Bird
David BirdFlag for United States of America

asked on

Cisco Anyconnect rejecting connection

I have setup anyconnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard.  IOS is 8.3 and anyconnect-win-3.1.05170-k9.pkg.  When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.  The following message was received from the secure gateway: Host or network is 0.

Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?

thanx
Avatar of SIM50
SIM50
Flag of United States of America image

Is IP pool assigned? Is it exhausted?
ASKER CERTIFIED SOLUTION
Avatar of David Bird
David Bird
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of David Bird

ASKER

This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool

username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
 vpn-group-policy AnyConnect
Would you post your full vpn config please?
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
http server enable
webvpn
 port 444
 enable outside
 svc image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
 dns-server value 192.168.50.5
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
 vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect

I believe that's it.
Can you please try the following:

group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
Two issues I had missed.  I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).