Error - AnyConnect cannot confirm it is connected to your secure gateway

Unanswered Question
Sep 22nd, 2010

Hello,

Environment Details:

OS - Ubuntu 9 64 bit

AnyConnect 2.5 64 bit.

When attempting to connect to a site that uses a self signed certificate AnyConnect displays :

"AnyConnect cannot confirm it is connected to your secure gateway"

I noticed in the release notes it mentioned this error is caused when strict mode is enabled. Does strict mode need to be disable? If so, how? I'm able to connect in a Windows 7 environment, but a dialog does display asking if I want to trust the untrusted source. Any ideas?

Thanks,

Steve

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Wed, 09/22/2010 - 16:15

Steve,

I'm not an expert on this matter but I can have a look.

Can you show me "show tech" from headend and make an strace with a failing connection?

Marcin

stevewallone Thu, 09/23/2010 - 06:45

I'm don't have access to the server. It looks like you are asking for output from the server process. Right? I did point the administration staff to this thread. Hopefully we'll be able to get you the requested info. In the meantime, I tried executing from the command line and came up with a slightly different error.

./vpn connect XXX.XXX.XXX.XXX
Cisco AnyConnect VPN Client (version 2.5.1025) .

Copyright (c) 2004 - 2010 Cisco Systems, Inc.
All Rights Reserved.


  >> state: Disconnected
  >> warning: No profile is available.  Please enter host to "Connect to".
  >> notice: VPN Service is available.
  >> registered with local VPN subsystem.
  >> state: Disconnected
  >> notice: VPN Service is available.
VPN>   >> contacting host (XXX.XXX.XXX.XXX) for login information...
  >> notice: Contacting XXX.XXX.XXX.XXX.
VPN>
  >> Please enter your username and password.

Username: [xxxxxx]
Password:
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
  >> notice: Connection attempt has failed.
  >> state: Disconnected

Marcin Latosiewicz Thu, 09/23/2010 - 09:02

Steve,

Are you sure that linux Anyconnect package is available on the ASA?

I see this in strace:

"  >> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."

Could be also related to:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte99278

Marcin

stevewallone Thu, 09/23/2010 - 09:11

More info... When connecting via a Windows 7 client, a dialog displayed stating the connection attempt was to an untrusted source. Diving deeper into the dialog allowed importing the certificate into a keystore. I'm wondering if I could import that certificate on the Linux side. If so, do you know where the keystore used by the Linux version is located?

Actions

This Discussion