Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco Anyconnect rejecting connection

Posted on 2016-08-10
7
Medium Priority
?
33 Views
Last Modified: 2016-08-16
I have setup anyconnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard.  IOS is 8.3 and anyconnect-win-3.1.05170-k9.pkg.  When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.  The following message was received from the secure gateway: Host or network is 0.

Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?

thanx
0
Comment
Question by:davebird
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Expert Comment

by:SIM50
ID: 41750409
Is IP pool assigned? Is it exhausted?
0
 

Accepted Solution

by:
davebird earned 0 total points
ID: 41750412
Yes.
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
No one can connect so no IP's are in use.  Network IP scheme is on 192.168.50.x so no conflict on IP's either.

thank you.
0
 

Author Comment

by:davebird
ID: 41750417
This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool

username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
 vpn-group-policy AnyConnect
0
WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

 
LVL 14

Expert Comment

by:SIM50
ID: 41750427
Would you post your full vpn config please?
0
 

Author Comment

by:davebird
ID: 41750446
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
http server enable
webvpn
 port 444
 enable outside
 svc image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
 dns-server value 192.168.50.5
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
 vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect

I believe that's it.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41750475
Can you please try the following:

group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
0
 

Author Closing Comment

by:davebird
ID: 41757611
Two issues I had missed.  I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Considering cloud tradeoffs and determining the right mix for your organization.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question