Cisco VPN :: ASA 5510 - AnyConnect Not Able To Establish Connection To Specified Secure Gateway
May 30, 2012
Two ASA-5510 in Failover. I already have several VPN with Cisco VPN client. Now I have the requirement to activate new AnyConnect VPN, to which to "migrate" the old VPN. The customer does not want to purchase licenses for SSL VPN, and then I have to configure the AnyConnect on IPSEC. I read that AnyConnect over IPSEC doesn't need SSL license - is this right?
Client version 2.5.3055. On the ASA with 8.4.2 (ASDM 6.4.7) I don't find HOW to configure the IPSEC for AnyConnect, while a friend of mine with 8.4.3 did it. Is there a way to configure using CLI, or is it an item of the 8.4.2? When I try to connect, after authenticating Username & Password, I receive (on the client) a message "AnyConnect was not able to establish a connection to the specified secure gateway." On the "Real Time Log Viewer" I see only SSL, never IKE nor IPSEC.
Apr 26, 2011
I too am having a problem establishing a secure connection for Dropbox, Adobe update and just about every website I try to access via Firefox or Chrome comes up as unsecure. I can add exceptions, but I would rather access them securely.
Feb 27, 2012
Here is the pertinent information first...
Windows 7
Cisco AnyConnect SecureMobility Client 3.0.4235
Cisco ASA 5510 firewall 8.2
The problem is... When I log in, the client does its start-up bit, and then displays a "This certificate is intended for the following purpose(s):" message. If I decline the certificate, it gives me the error message shown in the image, but I can otherwise continue and establish my VPNs with no problem.
Unfortunately, the certificate it selects has nothing to do with my organization (in fact, the certificate is for "*.whitepages.com" - see images). To make matters worse, I cannot find this referenced certificate anywhere under my user context in Windows.
I have tried removing, rebooting, and re-installing - it does no good. How do I force the client to stop using this incorrect certificate, and to at least use one that belongs to my organization?
May 31, 2012
I have successfully connected two RV042s to establish a VPN gateway to VPN gateway connection. I have the following questions:
1. I would like to keep the VPN tunnel connection time indefinite. Is it sufficient to check the "Keep-Alive" box on the VPN -> Gateway To Gateway -> Advance page? Or do I have to ping the RV042 periodically?
2. Do the "Phase 1/Phase 2 SA Life Time" (on VPN -> Gateway To Gateway page) settings have any impact on keeping the VPN connection time indefinite? What are the optimal values for them?
3. Is there an API, command, or script to replace a manual clicking on the "CONNECT" button to establish the VPN tunnel from the VPN -> Summary page? Or, is there a way to accomplish this at power up?
4. Is there a way to establish a VPN tunnel without going through login and clicking the "CONNECT" button? (Auto connect at power up?)
Nov 9, 2011
I use a Cisco ASA 5510 with the AnyConnect VPN for remote workers. Now we want to give access to a select group of consultants who only need access to one server and block everything else.
I was thinking this could be done by creating a separate AnyConnect Connection Profile on the ASA. From that new connection will come a new GroupPolicy with an ACL to only allow access to the one system. That GroupPolicy will point to the Radius Server looking for an account in a specific MemberOf group.
My question is - Could you explain how the ASA knows what Connection Profile to use when a user tries to authenticate? Does it automatically hunt down each Connection Profile until there is a username match via RADIUS in the Connect Profile?
Dec 11, 2012
I have configured anyconnect for phone at ASA 5510. Phone can connect to Corporate network through VPN from outside without any problem.
If I connect laptop to PC port at phone, I can run anyconnect client at pc and get vpn connection through phone. Can I get VPN connection for laptop through phone without running anyconnect client at the laptop i.e. can phone share VPN connection for laptop at PC port?
Jan 4, 2012
I am simulating Anyconnect VPN connection in the lab. I have an issue while configuring Anyconnect VPN on ASA5510.
I can have a successful anyconnect connection but I can't ping my firewall Interface IPs while I am in the connection.
ASA 5510
Outside IP: 192.168.1.1/24
PC connected to Outside Interface: 192.168.1.10/24
Inside IP: 10.10.10.1/24
PC connected to Inside Interface: 10.10.10.100/24
Pool : 10.20.20.11 - 10.20.20.50 /24
I have a successful VPN connection & the PC connected to the outside Interface gets an IP address from the assigned pool (10.20.20.11 with default gateway of 10.20.20.1). But I can't reach (ping/telnet) the ASA while I am on the anyconnect VPN connection.
I believe it is mostly due to a NAT/Routing issue.
Mar 31, 2011
We have ASA5510 with version 7.x and ASDM 5.X. I upgraded it to 8.3 and ASDM 6.2, and I got VPN peers 250 and 2 SSL. When I try to connect through client software, I can see in the logs UDP 500 port is created as shown below.
Mar 31 2011 23:54:40 302015 94.97.180.0 57013 x.x.x.x 500 Built inbound UDP connection 56694 for outside:94.97.180.0/57013 (94.97.180.0/57013) to identity:x.x.x.x/500 (x.x.x.x/500)
No other things are going on, and I get the error shown below.
Secure VPN Connection terminated Locally by the client
Reason 412: Remote peer is no longer Responding
Connection terminated on.
I am suspecting it is a VPN-3DES-AES activation key issue. When I go to Remote Access VPN ---Advanced---SSL Settings--From Left Encryption Panel Available Algorithms I have DES-SHA1; when I try to drag it to the right panel of Active Algorithms it gives me the error *** below:
[ERROR] sl encryption rc4-sha1 des-sha1 The 3DES/AES algorithms require a VPN-3DES-AES activation key
Currently in the right panel of Active Algorithms I have only RC4-SHA1.
Jun 23, 2011
I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the ASA-5510 will restore connectivity for the next quarter hour.
Here's the version information on the 5510:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[Code].....
Nov 11, 2012
We currently have an ASA 5505 Firewall with VPN services configured. The system is running ASA Version 9.0.0 and ASDM 7.0.2. I installed the "Cisco AnyConnect Secure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC. When I try to connect to my VPN service I get the following message:
Security Warning: Untrusted VPN Server Certificate! AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
-Certificate does not match the server name
-Certificate is from an untrusted source.
-Certificate is not identified for this purpose.
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message? If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?
Nov 6, 2012
I have been successfully able to setup Cisco AnyConnect VPN on ASA 5520 with 8.4 code. I have set it to authenticate against the RADIUS Server (Microsoft Windows 2008 NPS server). I have noticed one thing, on the server under "Constraints and Authentication Method". I picked MS-CHAP-v2, but it is considered Less secure authentication methods. I can click on Add and choose other Authentication methods like Smart Card or other Certificate, PEAP, EAP-MSCHAP v2. I picked PEAP but then the VPN does not work.
So first of all, does it really matter if I just leave it to MS-CHAP-v2? Because from my understanding, AnyConnect will authenticate to ASA and then ASA in the backend talks to the RADIUS server, so from a security standpoint, in this scenario shouldn't it be sufficient, as no unencrypted or less secure information is available to the outside world? Secondly, is there any documentation on using PEAP with Cisco AnyConnect?
Mar 1, 2011
I need to activate AnyConnect SecureMobility client on an IPAD. I have an ASA with the below feature licenses:
[code]...
This platform has an ASA 5520 VPN Plus license
As I've understood that I need the ASA-AC-M-5520 license for each IPAD used but they mentioned that we need also the Essential or premium license to be activated on the ASA as well. As shown above, I have the "VPN Plus license" activated on the firewall.
Sep 10, 2012
IOS SSL VPN fails to connect, CSCtx38806.pdf file for more info... There is a bug with router IOS. If anyone cannot connect to the router webvpn service via the 3.1.00495 anyconnect client and it is giving you a certificate error, you would only be able to connect via the SSL web page, not via the client. Then please upgrade your IOS to the latest version. IOS SSL VPN fails to connect after Microsoft security update KB2585542. Workaround: Use rc4, which is a less secure encryption option. If this meets your security needs, then you may use it as follows:
webvpn gateway gateway name
ssl encryption rc4-md5
I have anyconnect-win-2.5.6005-k9.pkg anyconnect installed on the router. When I try to connect with webvpn from the client on the machine, 2.5.6005 anyconnect or the latest secure mobility client 00495, it gives me a certificate error. It doesn't connect me with IOS web VPN. I can connect via the SSL web page. There is a bug; please upgrade your IOS to the latest version.
Jun 15, 2012
Will the RV042 work with the AnyConnect Secure Mobility Client app? If so, is there an app note available? If not, which routers will work with this app?
Oct 24, 2012
I recently got my hands on the latest Secure Mobility VPN v3.1.01 client. We are upgrading from the old anyconnect 2.4 client so there are many changes that are catching us by surprise. The biggest issue I have right now is that the new Mobility VPN launches automatically when a user signs into a machine. We would like to disable that automatic connection/launch feature. With the old 2.4 client we simply disabled the AnyConnect Service in Services.msc by default and started it up when a user was ready to connect.
Jul 30, 2012
Windows clients work fine. When loaded from Safari in Mac OS, it also works fine. -- If I browse to the url, like vpn.xxx.com/profilename, I can login and anyconnect will start and connect automatically. Only when run from Applications > Cisco > Cisco Anyconnect Secure Mobility Client, I will get this failure. Is this a configuration issue?
Jun 3, 2013
We are using an ASA 5520, running 8.4(3). We have users running the AnyConnect Secure Mobility Client 3.1.02026. I have the AnyConnect connection profile configured to authenticate users using LDAP over SSL. I enabled the password management and am able to get password change prompts to appear in the AnyConnect client. However, new passwords are rejected and changing passwords through that prompt does not work. I'm not sure what the cause of the problem is, since LDAP over SSL is enabled and working, which is required for the password management feature
Dec 26, 2011
Is Anyconnect supported for SA540? I have installed it on my Android phone; however, I keep getting the error "Unable to process data received from secure gateway" when trying to connect. If anyconnect is supported on SA540, how do I get it working?
Apr 1, 2012
I connect to my corporate network using Cisco AnyConnect Secure Mobility Client. Once connected I can no longer print to my LAN attached printer and other local resources. I use the Cisco/Linksys E4200 router on my LAN and can re-connect to the storage on the local LAN by setting up Port Forwarding of port 21 and MS Windows FTP folder sharing. However, I can't seem to connect to a Terminal Services client by forwarding port 3389. Is there a way to connect to the local LAN after logging into the VPN connection? I can connect to regular HTTP/HTTPS sites and most other types of connections, just not my own local resources.
Feb 8, 2011
We do have 2 RV042, one in my office and one in my house. In the office we do have a static IP and at home none. Question is, can I connect the two RV042?
Mar 22, 2011
I have some problems in my network with a Gateway to Gateway VPN Connection using two RV042 routers.
I cannot ping the computers with static IP configuration.
On local and remote computers that have DHCP IP configuration, I can ping each other.
Feb 2, 2011
We have just done 2 upgrades on our ASA 5510...
1. We upgraded our 5510 ASA firmware from 6.21 to 6.41
2. We also upgraded to the latest CSD package (we have upgraded from 3.5.841 to 3.5.2008)
After 2 reloads, it seems that all my prelogin policies are gone. I try to enable / disable CSD and it just doesn't go back... I only have the default policy.
What can I do to bring them back?
Mar 10, 2011
On my PC laptop, when we try to connect to the internet (wireless router) through Firefox we get the error message "Firefox can't establish a connection to the server @ cn-us.start3.monzilla.com". When we try using Window explorer we get "Internet Explorer can't display webpage". When prompted to click on "diagnose connection problem" it states Windows did not find any problems with this computer network connection.
A couple of points... the connection indication at the bottom states the laptop is connected to the internet (WLAN ON). I have a Mac that is connected to our internet and doesn't have any problems. We have Windows Vista on the PC laptop.
Nov 13, 2008
I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device using WinSCP. Used all options but nothing seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.
Dec 20, 2011
I have tried to establish a VPN-Connection from iPad (via the iPad built-in vpn-client) to a SA540. Unfortunately without any results. I get the message "Server is not responding". (A VPN Connection from a normal Software-Client running on W7 works fine).
Feb 7, 2011
I am facing problem when trying to establish VPN connection between ASA and 1841 router. Peer comes up but traffic is encrypt and decrypt. when assign route (ip route 192.168.x.0 255.255.255.0 fa0/0) to remote local subnet there is a traffic but one reply and one drop
ping from
192.168.y.62
-------------------------------------------------
Reply from 192.168.x.55: bytes=32 time=493ms TTL=127
Request timed out.
Reply from 192.168.x.55: bytes=32 time=633ms TTL=127
Request timed out.
Reply from 192.168.x.55: bytes=32 time=375ms TTL=127
Request timed out.
Reply from 192.168.x.55: bytes=32 time=528ms TTL=127
Request timed out.
[code].....
Apr 28, 2011
I connected my home laptop to the work network to download some (legal) software (by cable) but it didn't work. When I detached it the internet access to the desktop machine was not functioning. That was diagnosed as a problem with the I.P. address (presumably when I attached my laptop). It was fixed over the phone through a START>RUN>CMd>config process. Now I find that my laptop won't connect to my NetGear home link (also cable) and wonder if the same problem might be happening, that connecting the laptop to the work network has scrambled its recognition of the server or the I.P. address. I tried updating Kaspersky 2011 databases but it just keeps saying 'source not found'. Another laptop using the same router connects perfectly each time.
Jul 17, 2012
I am trying to establish a VPN connection between two remote offices. On the home side I have a Cisco 1811W and on the far side a Cisco SRP541.
What is the best solution to build a site-to-site VPN between those two locations. I originally thought to configure a GRE tunnel on the routers, but faced some issues with that.
Apr 3, 2012
I am facing a problem connecting via VPN to my ASA5510 using anyconnect. My anyconnect client shows "network access: unavailable - no networks detected" before I attempt to establish my VPN. Upon establishing VPN, I was prompted for username and password, which went through, but I was given the error "anyconnect was not able to establish a connection to the specified secure gateway. Please try connecting again". I face this problem after replacing my PC. I was able to connect without problems on my previous PC. The VPN connection uses a cert which I have already imported to my new PC, and authentication is fine since there is no authentication error. No changes made on my firewall.
May 23, 2012
I have an ASA 5510 I'm trying to use as an SSL VPN provider. I have Anyconnect windows and mobile licenses from Cisco. I'm looking for a straight forward configuration guide to use. Right now I only need to iPhone and Android clients to work with the VPN, but in the future we might add windows clients.
I was going to use this guide: [URL]. Until I talked to Cisco tech support, they recommended I use the following: [URL] Which is a lot longer and a bit unclear about the whole process, and also points me to this guide: [URL] Which is longer still, and not applicable for the most part. So, what's going to be the best guide to use? Did I have it right the first time? Do I need to go to another site to find something?
May 17, 2011
we have ASA 5510 with IPS and base license. Now we need Anyconnect support for more than 2 users.
Is for Anyconnect (tunnel-mode) only the Anyconnect Essentials license enough? Do I need a license for SSL VPN peers? What about Anyconnect clientless, I see that I need a premium license? Is this one enough ASA5510-SSL50-K9? It is really expensive in comparison with Anyconnect Essentials.
Here is my sh ver output:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
[Code]....
Apr 17, 2013
I have an internal application which requires operators to have a static IP address. I'm looking for a way to do this for our VPN users. At the moment they are given a random DHCP address from a pool. Is there an easy way to get a static address assigned to VPN users on a Cisco ASA5510 any connect VPN?
Feb 3, 2007
We have several ASA 5510 firewalls which are being used as VPN gateways. RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used. Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?