Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7262
Views
0
Helpful
5
Replies

Host Unreachable when trying to connect using the AnyConnect client

borealc
Level 1
Level 1

‎08-10-2010 10:18 AM - edited ‎02-21-2020 04:47 PM

When trying to connect using the Cisco AnyConnect client (2.5.0.217) is received the following error message: Host Unreachable.  However, if I enter my ASA's IP address in my browser, it prompts me to enter my username and passwords, downloads/updates the client and I cannot.  Any idea what could be the issue? My ASA is running version 8.2(1) and ASDM version 6.2(1).

Thanks

Labels:
0 Helpful
5 Replies 5

Todd Pula
Level 7
Level 7

‎08-10-2010 02:47 PM

Does your test client have a DNS server configured?  Can you browse the Internet?  Are you able to resolve the FQDN of your WebVPN to an IP?

0 Helpful

borealc
Level 1
Level 1
In response to Todd Pula

‎08-10-2010 06:06 PM

Yes, my test client has a DNS server configured and I can browse the Internet.  However, I only use my ASA's IP as I haven't registered my ASA in DNS.  What I find strange and accidentally omitted from my original post is that, if I type my ASA's IP address in a browser (https://asa_ipaddress:4443) I get a login page prompting me to select a profile and enter a username and password, after which the client is downloaded and connected.  However, if I simply launch the AnyConnect client and enter my ASA's IP address I receive the following error message: Connection attempt has failed:Host Unreachable.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to borealc

‎08-10-2010 07:41 PM

Hello,

I guess the issue is with you enabling both ASDM and WebVPN on the outside

interface. Can you check to see if you have a "port 4443" in the

configuration?

webvpn

port 4443

If it is in there, then what you are seeing is normal. If you would like to

access WebVPN via port 443, then please remove the port command and change

the ASDM port to 4443.

http server enable 4443

Hope this helps.

Regards,

NT

0 Helpful

borealc
Level 1
Level 1
In response to Nagaraja Thanthry

‎08-11-2010 06:13 AM

Is that the best practice in this case?  What does Cisco recommend?

0 Helpful

Todd Pula
Level 7
Level 7
In response to borealc

‎08-11-2010 06:48 AM

If you are usinga non-standard SSL port, you will also need to specifiy the configured port when entering the IP address directly into the AnyConnect client.  Without this, AnyConnect will try to connect on TCP 443 by default.  You can also configure an AnyConnect XML profile to pre-position the hostname, IP address, and port so that your end users do not need to worry about it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents