Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2082
Views
5
Helpful
3
Replies

Anyconnect ASA 5520 Error : Login denied, unauthorized connection mechanism, contact your administrator.

manish arora
Level 6
Level 6

‎02-08-2014 07:45 PM - edited ‎02-21-2020 07:29 PM

Hi,

I just configured Anyconnect on my firewall and I am getting a error that has me stumped for last 2 days. I am running 8.2.5 version on my ASA 5520. I am getting the following error when I try to connect to the ASA SSL vpn from the web browser :

"Login denied, unauthorized connection mechanism, contact your administrator."

and getting following error if I try to connect to the asa from a previously installed anyconnect client :

"Anyconnect not enabled on the device"

Getting the following error with "Debug webvpn sessions" :

webvpn_create_session: 0x00036000 (54)

webvpn_destroy_session: 0x00036000 (54) -> Client type not supported

webvpn_destroy_session: SESS_Mgmt_FreeSession(0x00036000) (54)

webvpn_session_free: 0x00036000 (54)

My WebVpn configuration is correct ( mentioned below ) and I am still using the 2 trial license that comes default with the ASA.

Configuration :

asa5520# sh run webvpn

webvpn

enable Backup

enable Outside

svc image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 1

svc image disk0:/anyconnect-win-3.1.05152-k9.pkg 2

svc image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3

svc image disk0:/anyconnect-linux-3.1.05152-k9.pkg 4

svc enable

tunnel-group-list enable

  auto-signon allow ip 10.10.10.201 255.255.255.255 auth-type all

  auto-signon allow ip 10.10.9.10 255.255.255.255 auth-type all

asa5520#

group-policy SSL-IT internal

group-policy SSL-IT attributes

dns-server value 10.10.9.101 10.10.9.100

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value SSL_SPLITACL

default-domain value XXXXX.com

split-dns value XXXXXX.com XXXXXX.com

tunnel-group SSL-IT type remote-access

tunnel-group SSL-IT general-attributes

address-pool SSLVPN_IT_Pool

authentication-server-group WindowsIAS

default-group-policy SSL-IT

tunnel-group SSL-IT webvpn-attributes

nbns-server SRV01_Private master timeout 2 retry 2

group-alias XXXX-IT enable

group-url https://sslvpn.XXXXXXX.com/it enable

IF it matters , the anyconnect was working fine during testing but when we added new group policies , it started giving this error. I have also rebooted the firewall just in case but still getting the same error.

Please if anyone had seen this issue before , it would be helpful to guide me in right direction.

Thank you

Manish

Labels:
0 Helpful
3 Replies 3

manish arora
Level 6
Level 6

‎02-26-2014 11:00 AM

This is resolved, The issue was with the Windows IAS server configuration. After redoing the radius configuration in the server , anyconnect started to work properly.

Thanks

Manish

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to manish arora

‎02-26-2014 02:51 PM

Thanks for providing us with your resolution. I upvoted your post to make the solution more visible to future folks with the same issue.

0 Helpful

keonis1316
Level 1
Level 1
In response to manish arora

‎05-29-2015 02:53 PM

What was the solution? I'm currently having the same issues at the moment. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents