Solved

RA VPN error (service provider in your location is restricting access)

Posted on 2016-09-19
4
82 Views
Last Modified: 2016-09-20
How can I bypass this? It's driving me nuts. I was able to get to by pass this and login to VPN on one of the machines but I can't on the other.

2016-09-19_11-59-47.jpg
Also, now I am unable to authenticate the password, it keeps bouncing me back to the below window. How was I able to do this last week if it's not working this week?

2016-09-19_12-11-14.jpg
CONFIG
webvpn gateway SSL_VPN_GATEWAY
 ip address ########### port 443  
 ssl encryption rc4-md5
 ssl trustpoint SSL_VPN_CERT
 inservice
 !
webvpn install svc flash:/webvpn/anyconnect-win-3.1.03103-k9.pkg sequence 1
 !
webvpn context SSL_CONTEXT
 ssl authenticate verify all
 !
 url rewrite
   unmatched-action redirect

 acl "SSL_ACL"
   permit ip 172.28.6.100 255.255.255.192 172.28.6.100 255.255.255.192
   permit ip 172.28.6.64 255.255.255.192 172.28.6.64 255.255.255.192 
!
 policy group SSL_POLICY
   acl "SSL_ACL"
   functions svc-enabled
   functions svc-required
   filter tunnel SSL_ACL
   svc address-pool "SSL_VPN_POOL" netmask 255.255.255.192
   svc rekey method new-tunnel
   svc split include 172.28.6.64 255.255.255.192
   svc dns-server primary 8.8.8.8
 default-group-policy SSL_POLICY
 aaa authentication list SSL_VPN_AAA
 gateway SSL_VPN_GATEWAY
 max-users 2
 inservice
!

Open in new window

0
Comment
Question by:Shark Attack
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 41806026
The site are on has a proxy server, or you need to authenticate to the wireless infrastructure? AnyConnect uses https thats why you are seeing this error, you need to ask the proxy server provider to allow internet access for your machine on port TCP 443 (they will probably say no). Or authenticate to the wireless.
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 250 total points
ID: 41806465
This happens whenever the AnyConnect client detects a captive portal. If there isn't one, AnyConnect can still detect one in error and produce this result. If this happens, there are a few things you can do.

  1. Login via your web browser, which will handle the initial connection and start AnyConnect with the necessary information to connect.
  2. Add http-redirect to your gateway configuration. AnyConnect expects to be able to reach its endpoint on 80/tcp and 443/tcp and if it can't, it detects a blockage. With http-redirect, all non-secure connection attempts are redirected to 443/tcp, satisfying AnyConnect's tests.
  3. If you have AnyConnect 4.x, you can disable the client's captive portal detection in the client preferences.
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 41806627
As pointed out above
Disable Captive Portal
0
 
LVL 1

Author Comment

by:Shark Attack
ID: 41806660
sweet! i used to HTTP-redirect to 80 and it works.! thanks all!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Read about achieving the basic levels of HRIS security in the workplace.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now