-Problem Description: Users stating that a profile which has been working is now giving some users the message "Failed to get configuration from secure gateway. Contact your system administrator." when they attempt to connect to the VPN server/"secure gateway". This happens in both the clientless and Anyconnect clients.
-Fix: the profile.xml was not properly configured to match the Group Policy.
If you are pulling from tftp then the disk0:/ command would be replaced accordingly.
Along with these ensure that you have the latest Java update and it is a trusted site in the Java Control Panel. Ensure The Java and/or ActiveX settings will allow the profile to load off the VPN server by URL and ensure it is enabled like below.
We had the same issue here too. The reason was, that on the client there was an older version of anyconnect installed, but an update of the client was not successful (maybe because of some security configuration on windows, for example SRP or something of that kind ...). So the client disconnected to update (and reconnect with the updated version), but tthat never happened because the update failed ...
To enable (temporarily) the connectivity with the older version of anyconnect client, i configured the firewall to provide only the old version of the client to connecting PCs:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :