Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AnyConnect and Connections to this secure gateway are not permitted

Hi,

I am trying to figure out an issue I am having with AnyConnect 2.5.  After I login to the SSL VPN Portal and download and install the client I receive this message.  Also once the client installs I have no network connectivity at all.  Once I uninstall the client I am able to access the Internet and network connectivity is restored.  Its obviously a config issue but I cant figure out where I am going wrong.  I am also unable to change the connect to field as its locked down.

error.JPG

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: AnyConnect and Connections to this secure gateway are not pe

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

5 REPLIES

Re: AnyConnect and Connections to this secure gateway are not pe

Hi,


Are you connecting to an ASA or IOS?

If you have split-tunneling disabled, all traffic will be sent through the tunnel (Internet will be lost unless it's configured properly on the headend device).

Is it a problem on this particular machine only?

I mean, if you try to connect with the AnyConnect from any other machine same thing happens?

Federico.

New Member

Re: AnyConnect and Connections to this secure gateway are not pe

Hi,

Its an ASA 5510 running version 8.3.  Split tunneling has not been configured as it is not allowed in our enviornment.  I have tried anyconnect from both Windows XP and Windows 7 systems but everytimg it comes up with this message.  We ar just looking to allow the user to bring up the anyconnect to create an SSL tunnel when they are not in the office

Re: AnyConnect and Connections to this secure gateway are not pe

So, if no computer is able to establish the AnyConnect connection properly, might be a configuation problem on the ASA.

Can you either share the relevant part of the configuration or take a look at this:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/svc.html

Federico.

New Member

Re: AnyConnect and Connections to this secure gateway are not pe

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

New Member

Re: AnyConnect and Connections to this secure gateway are not pe

Thanks.  It was the always on feature that was the issue.  I disabled this and now I have no issues connecting.  I now need to read up on configuring always on

Thanks

4092
Views
0
Helpful
5
Replies