Solved

RA VPN error (service provider in your location is restricting access)

Posted on 2016-09-19
4
114 Views
Last Modified: 2016-09-20
How can I bypass this? It's driving me nuts. I was able to get to by pass this and login to VPN on one of the machines but I can't on the other.

2016-09-19_11-59-47.jpg
Also, now I am unable to authenticate the password, it keeps bouncing me back to the below window. How was I able to do this last week if it's not working this week?

2016-09-19_12-11-14.jpg
CONFIG
webvpn gateway SSL_VPN_GATEWAY
 ip address ########### port 443  
 ssl encryption rc4-md5
 ssl trustpoint SSL_VPN_CERT
 inservice
 !
webvpn install svc flash:/webvpn/anyconnect-win-3.1.03103-k9.pkg sequence 1
 !
webvpn context SSL_CONTEXT
 ssl authenticate verify all
 !
 url rewrite
   unmatched-action redirect

 acl "SSL_ACL"
   permit ip 172.28.6.100 255.255.255.192 172.28.6.100 255.255.255.192
   permit ip 172.28.6.64 255.255.255.192 172.28.6.64 255.255.255.192 
!
 policy group SSL_POLICY
   acl "SSL_ACL"
   functions svc-enabled
   functions svc-required
   filter tunnel SSL_ACL
   svc address-pool "SSL_VPN_POOL" netmask 255.255.255.192
   svc rekey method new-tunnel
   svc split include 172.28.6.64 255.255.255.192
   svc dns-server primary 8.8.8.8
 default-group-policy SSL_POLICY
 aaa authentication list SSL_VPN_AAA
 gateway SSL_VPN_GATEWAY
 max-users 2
 inservice
!

Open in new window

0
Comment
Question by:Shark Attack
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 41806026
The site are on has a proxy server, or you need to authenticate to the wireless infrastructure? AnyConnect uses https thats why you are seeing this error, you need to ask the proxy server provider to allow internet access for your machine on port TCP 443 (they will probably say no). Or authenticate to the wireless.
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 250 total points
ID: 41806465
This happens whenever the AnyConnect client detects a captive portal. If there isn't one, AnyConnect can still detect one in error and produce this result. If this happens, there are a few things you can do.

  1. Login via your web browser, which will handle the initial connection and start AnyConnect with the necessary information to connect.
  2. Add http-redirect to your gateway configuration. AnyConnect expects to be able to reach its endpoint on 80/tcp and 443/tcp and if it can't, it detects a blockage. With http-redirect, all non-secure connection attempts are redirected to 443/tcp, satisfying AnyConnect's tests.
  3. If you have AnyConnect 4.x, you can disable the client's captive portal detection in the client preferences.
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 41806627
As pointed out above
Disable Captive Portal
0
 
LVL 2

Author Comment

by:Shark Attack
ID: 41806660
sweet! i used to HTTP-redirect to 80 and it works.! thanks all!
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router DMZ 5 63
Vlan to Vlan communication 9 80
By pass website on ASA for Websense 4 55
Incredibly slow speeds while testing on server in China? 5 47
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now