David Bird
asked on
Cisco Anyconnect rejecting connection
I have setup anyconnect on my ASA 5505 using the wizard and just SSL. I unchecked IPSec so I didn't have to have a certificate. No errors on the wizard. IOS is 8.3 and anyconnect-win-3.1.05170-k 9.pkg. When I try to connect, I get:
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: Host or network is 0.
Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?
thanx
A secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: Host or network is 0.
Would someone point me towards a troubleshooting document or let me know your thoughts on the error message?
thanx
Is IP pool assigned? Is it exhausted?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is probably what you were looking for.
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
address-pool Anyconnect-pool
username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
address-pool Anyconnect-pool
username <user> password lSmlqVTVIMeF0ADQ encrypted privilege 0
username <user> attributes
vpn-group-policy AnyConnect
Would you post your full vpn config please?
ASKER
object network OBJ-Anyconnect-Subnet
subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.7 5 mask 255.255.255.0
http server enable
webvpn
port 444
enable outside
svc image disk0:/anyconnect-win-3.1. 05170-k9.p kg 1
svc enable
tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
dns-server value 192.168.50.5
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
address-pool Anyconnect-pool
default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
address-pool Anyconnect-pool
default-group-policy AnyConnect
I believe that's it.
subnet 192.168.51.0 255.255.255.0
ip local pool Anyconnect-pool 192.168.51.50-192.168.51.7
http server enable
webvpn
port 444
enable outside
svc image disk0:/anyconnect-win-3.1.
svc enable
tunnel-group-list enable
group-policy AnyConnect internal
group-policy AnyConnect attributes
dns-server value 192.168.50.5
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
username <user> attributes
vpn-group-policy AnyConnect
tunnel-group Anyconnect-profile type remote-access
tunnel-group Anyconnect-profile general-attributes
address-pool Anyconnect-pool
default-group-policy AnyConnect
tunnel-group AnyConnect-VPN type remote-access
tunnel-group AnyConnect-VPN general-attributes
address-pool Anyconnect-pool
default-group-policy AnyConnect
I believe that's it.
Can you please try the following:
group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
group-policy AnyConnect attributes
vpn-tunnel-protocol ipsec svc
ASKER
Two issues I had missed. I did not assign the IP Pool to the Anyconnect policy.
I did not add nat (inside,outside).
I did not add nat (inside,outside).