AnyConnect and Connections to this secure gateway are not permitted

Answered Question
Sep 28th, 2010

Hi,

I am trying to figure out an issue I am having with AnyConnect 2.5.  After I log in to the SSL VPN Portal and download and install the client, I receive this message.  Also, once the client installs, I have no network connectivity at all.  Once I uninstall the client I am able to access the Internet and network connectivity is restored.  It's obviously a config issue but I can't figure out where I am going wrong.  I am also unable to change the "Connect to" field as it's locked down.

Federico Coto F... Tue, 09/28/2010 - 14:53

Hi,


Are you connecting to an ASA or IOS?

If you have split-tunneling disabled, all traffic will be sent through the tunnel (Internet will be lost unless it's configured properly on the headend device).

Is it a problem on this particular machine only?

I mean, if you try to connect with AnyConnect from any other machine, does the same thing happen?

Federico.

niall-wilkins Tue, 09/28/2010 - 16:06

Hi,

It's an ASA 5510 running version 8.3.  Split tunneling has not been configured as it is not allowed in our environment.  I have tried AnyConnect from both Windows XP and Windows 7 systems but every time it comes up with this message.  We are just looking to allow the user to bring up AnyConnect to create an SSL tunnel when they are not in the office.

Correct Answer
Christopher.Hayre Wed, 09/29/2010 - 15:43

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher
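To check a client profile for the setting the answer above points to, the following added example (not part of the thread and not Cisco's code) parses a profile XML and reports whether always-on and trusted network detection are enabled. The sample profile is constructed, and the element names `AutomaticVPNPolicy`, `AlwaysOn`, `ConnectFailurePolicy` and `TrustedDNSDomains` are assumed from the AnyConnect profile schema rather than taken from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile, not taken from the thread.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutomaticVPNPolicy>true
      <TrustedDNSDomains>corp.example.com</TrustedDNSDomains>
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
      <AlwaysOn>true
        <ConnectFailurePolicy>Closed</ConnectFailurePolicy>
      </AlwaysOn>
    </AutomaticVPNPolicy>
  </ClientInitialization>
</AnyConnectProfile>
"""

def _value(root, name):
    """Own text of the first element called `name`, ignoring the XML namespace."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            # <AlwaysOn>true<Child/>...</AlwaysOn>: the setting is the text
            # before the first child, which ElementTree exposes as .text
            return (el.text or "").strip()
    return None

def audit_profile(xml_text):
    """Summarise the always-on related settings of one client profile."""
    root = ET.fromstring(xml_text)
    always_on = (_value(root, "AlwaysOn") or "").lower() == "true"
    tnd = (_value(root, "AutomaticVPNPolicy") or "").lower() == "true"
    policy = _value(root, "ConnectFailurePolicy")
    raw_domains = _value(root, "TrustedDNSDomains") or ""
    return {
        "always_on": always_on,
        "trusted_network_detection": tnd,
        "connect_failure_policy": policy if always_on else None,
        "trusted_dns_domains": [d.strip() for d in raw_domains.split(",") if d.strip()],
        # Always-on with a closed failure policy leaves the endpoint without
        # network access whenever the tunnel is not established.
        "blocks_network_without_vpn": always_on and (policy or "").lower() == "closed",
    }

if __name__ == "__main__":
    for key, val in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {val}")
```
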

niall-wilkins Mon, 10/04/2010 - 11:30

Thanks.  It was the always on feature that was the issue.  I disabled this and now I have no issues connecting.  I now need to read up on configuring always on.

Thanks
