Anyconnect ASA 5520 Error : Login denied, unauthorized connection mechanism, contact your administrator.

Unanswered Question
Feb 8th, 2014

Hi,

I just configured AnyConnect on my firewall and I am getting an error that has me stumped for the last 2 days. I am running version 8.2.5 on my ASA 5520. I am getting the following error when I try to connect to the ASA SSL VPN from the web browser:


"Login denied, unauthorized connection mechanism, contact your administrator."


and I am getting the following error if I try to connect to the ASA from a previously installed AnyConnect client:


"Anyconnect not enabled on the device"


Getting the following error with "Debug webvpn sessions":

webvpn_create_session: 0x00036000 (54)
webvpn_destroy_session: 0x00036000 (54) -> Client type not supported
webvpn_destroy_session: SESS_Mgmt_FreeSession(0x00036000) (54)
webvpn_session_free: 0x00036000 (54)



My WebVPN configuration is correct (mentioned below) and I am still using the 2 trial licenses that come by default with the ASA.


Configuration:

asa5520# sh run webvpn
webvpn
 enable Backup
 enable Outside
 svc image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 1
 svc image disk0:/anyconnect-win-3.1.05152-k9.pkg 2
 svc image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3
 svc image disk0:/anyconnect-linux-3.1.05152-k9.pkg 4
 svc enable
 tunnel-group-list enable
 auto-signon allow ip 10.10.10.201 255.255.255.255 auth-type all
 auto-signon allow ip 10.10.9.10 255.255.255.255 auth-type all
asa5520#

group-policy SSL-IT internal
group-policy SSL-IT attributes
 dns-server value 10.10.9.101 10.10.9.100
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSL_SPLITACL
 default-domain value XXXXX.com
 split-dns value XXXXXX.com XXXXXX.com

tunnel-group SSL-IT type remote-access
tunnel-group SSL-IT general-attributes
 address-pool SSLVPN_IT_Pool
 authentication-server-group WindowsIAS
 default-group-policy SSL-IT
tunnel-group SSL-IT webvpn-attributes
 nbns-server SRV01_Private master timeout 2 retry 2
 group-alias XXXX-IT enable
 group-url https://sslvpn.XXXXXXX.com/it enable


If it matters, AnyConnect was working fine during testing, but when we added new group policies, it started giving this error. I have also rebooted the firewall just in case, but I am still getting the same error.

Please, if anyone has seen this issue before, it would be helpful to guide me in the right direction.


Thank you

Manish

Overall Rating: 5 (1 ratings)
manish arora Wed, 02/26/2014 - 11:00

This is resolved. The issue was with the Windows IAS server configuration. After redoing the RADIUS configuration on the server, AnyConnect started to work properly.


Thanks

Manish

Marvin Rhoads Wed, 02/26/2014 - 14:51

Thanks for providing us with your resolution. I upvoted your post to make the solution more visible to future folks with the same issue.

keonis1316 Fri, 05/29/2015 - 14:53
What was the solution? I'm currently having the same issues at the moment. 
