cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
21605
Views
0
Helpful
7
Replies

Error - AnyConnect cannot confirm it is connected to your secure gateway

stevewallone
Level 1
Level 1

Hello,

Environment Details:

OS - Ubuntu 9 64 bit

AnyConnect 2.5 64 bit.

When attempting to connect to a site that uses a self signed certificate AnyConnect displays :

"AnyConnect cannot confirm it is connected to your secure gateway"

I noticed in the release notes it mentioned this error is caused when strict mode is enabled. Does strict mode need to be disable? If so, how? I'm able to connect in a Windows 7 environment, but a dialog does display asking if I want to trust the untrusted source. Any ideas?

Thanks,

Steve

7 Replies 7

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Steve,

I'm not an expert on this matter but I can have a look.

Can you show me "show tech" from headend and make an strace with a failing connection?

Marcin

I'm don't have access to the server. It looks like you are asking for output from the server process. Right? I did point the administration staff to this thread. Hopefully we'll be able to get you the requested info. In the meantime, I tried executing from the command line and came up with a slightly different error.

./vpn connect XXX.XXX.XXX.XXX
Cisco AnyConnect VPN Client (version 2.5.1025) .

Copyright (c) 2004 - 2010 Cisco Systems, Inc.
All Rights Reserved.


  >> state: Disconnected
  >> warning: No profile is available.  Please enter host to "Connect to".
  >> notice: VPN Service is available.
  >> registered with local VPN subsystem.
  >> state: Disconnected
  >> notice: VPN Service is available.
VPN>   >> contacting host (XXX.XXX.XXX.XXX) for login information...
  >> notice: Contacting XXX.XXX.XXX.XXX.
VPN>
  >> Please enter your username and password.

Username: [xxxxxx]
Password:
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
  >> notice: Connection attempt has failed.
  >> state: Disconnected

Steve,

Strace is local on unix.

Try:

strace ./vpn connect XXX.XXX.XXX.XXX

Marcin

strace attached...

Steve,

Are you sure that linux Anyconnect package is available on the ASA?

I see this in strace:

"  >> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."

Could be also related to:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte99278

Marcin

stevewallone
Level 1
Level 1

More info... When connecting via a Windows 7 client, a dialog displayed stating the connection attempt was to an untrusted source. Diving deeper into the dialog allowed importing the certificate into a keystore. I'm wondering if I could import that certificate on the Linux side. If so, do you know where the keystore used by the Linux version is located?

Steve,

Anyconnect on linux will use Firefox's certificate store.

Marcin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: