07-28-2012 01:26 PM - edited 02-21-2020 06:13 PM
Hi
No doubt a well discussed topic but I have tried all sorts to try to get Anyconnect SBL working with no success.
I am running XP Pro SP3.
I can connect to my Anyconnect VPN with no problems via the FQDN once XP is up and running. However, when prompted to connect to the VPN prior to logging in I get the pretty nondescript error below.
Connection attempt failed. Please try again.
I tried removing the Anyconnect client and SBL application. I re-installed Anyconnect then re-connected and it automatically downloaded the SBL part. I then restarted my laptop.
I can see there is an attempt to connect to the ASA because I set up a capture but the attempt fails almost immediately with the error above.
I am using Anyconnect 3.0.08057 and a certificate on the ASA that is issued by a CA in my domain. I have that root certificate installed on my laptop in the Trusted Certificates Authorities store. I don't get any certificate issues during a manual VPN connection so I assume this isn't a certificate issue.
I'd appreciate any assistance anyone may have.
Thanks,
St.
08-05-2012 06:00 AM
I think it's becoming clearer why this is failing but not why SBL is doing what it seems to be doing.
During a manual VPN setup all goes ok and the setup takes place on port 442 as configured.
However, when I do the SBL connection, even though I have configured the client profile to go via port 442 it connects via 443. The ASA responds, a bit of an exchange takes place and the conversation is terminated. Obviously the ASA is saying I don't have Anyconnect on port 443 so go away.
Here's the Host entry in the client profile in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\profile_name.xml
I have named the hostname the same as the FQDN so that I know it is using that entry. But for some reason SBL seems to ignore the :442 and tries to connect to 443 regardless.
When I log in and, as described above, initiate a manual VPN connection I select the hostname A.B.co.uk:442 from the Anyconnect client drop down list. In fact that's the only entry there as it should be. When I try to connect that way it works fine.
Am I missing some other aspect of this where SBL needs specifically told the ASA FQDN in a different location to the profile in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\profile_name.xml ?
Thanks, St.
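Added example, not part of the original post and not Cisco code: a small audit of an AnyConnect profile that lists host entries on a port other than 443 and reports whether Start Before Logon is enabled, which is the combination described above. The sample profile and the `vpn.example.test` names are constructed, and the function names are hypothetical; the element names follow the AnyConnect profile XML layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not the poster's file); hostnames are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>vpn.example.test:442</HostName>
      <HostAddress>vpn.example.test:442</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>backup</HostName>
      <HostAddress>backup.example.test</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

def local(tag):
    """Strip the XML namespace so the check works whatever xmlns is declared."""
    return tag.rsplit("}", 1)[-1]

def port_of(address, default=443):
    """Return the TCP port in 'host[:port][/group]', or the default if none is given."""
    hostport = address.split("://", 1)[-1].split("/", 1)[0]
    _host, sep, port = hostport.rpartition(":")
    return int(port) if sep and port.isdigit() else default

def audit_profile(xml_text):
    """Return (sbl_enabled, [(HostName, port), ...]) for entries not on 443."""
    root = ET.fromstring(xml_text)
    sbl, nonstandard = False, []
    for el in root.iter():
        name = local(el.tag)
        if name == "UseStartBeforeLogon":
            sbl = (el.text or "").strip().lower() == "true"
        elif name == "HostEntry":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            addr = fields.get("HostAddress") or fields.get("HostName", "")
            port = port_of(addr)
            if port != 443:
                nonstandard.append((fields.get("HostName", addr), port))
    return sbl, nonstandard

if __name__ == "__main__":
    sbl, hosts = audit_profile(SAMPLE_PROFILE)
    for name, port in hosts:
        print(f"{name}: port {port}, Start Before Logon enabled: {sbl}")
```

Any entry it reports with Start Before Logon enabled is one where the pre-logon attempt should be compared against the configured port in a capture on the ASA side.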
08-20-2012 07:28 AM
Cisco have said this is a bug but they are unsure whether the Anyconnect client can control the behaviour or it is a PLAP issue needing fixed by Microsoft.
I will update with any further info when I have it.
St.
08-27-2012 02:02 PM
Bug id below.