Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 456
  • Last Modified:

Cisco Anyconnect rejecting connection

I have setup anyconnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard.  IOS is 8.3 and anyconnect-win-3.1.05170-k9.pkg.  When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.  The following message was received from the secure gateway: Host or network is 0.

Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?

thanx
0
David Bird
Asked:
David Bird
  • 4
  • 3
1 Solution
 
SIM50Commented:
Is IP pool assigned? Is it exhausted?
0
 
David BirdPartnerAuthor Commented:
Yes.
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
No one can connect so no IP's are in use.  Network IP scheme is on 192.168.50.x so no conflict on IP's either.

thank you.
0
 
David BirdPartnerAuthor Commented:
This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool

username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
 vpn-group-policy AnyConnect
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
SIM50Commented:
Would you post your full vpn config please?
0
 
David BirdPartnerAuthor Commented:
object network OBJ-Anyconnect-Subnet
 subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.75 mask 255.255.255.0
http server enable
webvpn
 port 444
 enable outside
 svc image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
 dns-server value 192.168.50.5
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
 vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
 address-pool Anyconnect-pool
 default-group-policy AnyConnect

I believe that's it.
0
 
SIM50Commented:
Can you please try the following:

group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
0
 
David BirdPartnerAuthor Commented:
Two issues I had missed.  I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now