Solved

Cisco Anyconnect rejecting connection

Posted on 2016-08-10
7
18 Views
Last Modified: 2016-08-16
I have setup anyconnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard.  IOS is 8.3 and anyconnect-win-3.1.05170-k9.pkg.  When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.  The following message was received from the secure gateway: Host or network is 0.

Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?

thanx
0
Comment
Question by:davebird
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Expert Comment

by:SIM50
ID: 41750409
Is IP pool assigned? Is it exhausted?
0
 

Accepted Solution

by:
davebird earned 0 total points
ID: 41750412
Yes.
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
No one can connect so no IP's are in use.  Network IP scheme is on 192.168.50.x so no conflict on IP's either.

thank you.
0
 

Author Comment

by:davebird
ID: 41750417
This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool

username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
 vpn-group-policy AnyConnect
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 14

Expert Comment

by:SIM50
ID: 41750427
Would you post your full vpn config please?
0
 

Author Comment

by:davebird
ID: 41750446
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
http server enable
webvpn
 port 444
 enable outside
 svc image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
 dns-server value 192.168.50.5
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
 vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect

I believe that's it.
0
 
LVL 14

Expert Comment

by:SIM50
ID: 41750475
Can you please try the following:

group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
0
 

Author Closing Comment

by:davebird
ID: 41757611
Two issues I had missed.  I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question