I have a customer who is trying to connect to their SSL VPN via the AnyConnect client. They have a Cisco ASA 5515x running ASA 8.6(1)2, using AnyConnect for Windows.
When they attempt to connect, they get the following error message:
The VPN connection failed due to unsuccessful domain name resolution
They never get to a login prompt. They have attempted to connect using the IP address of the Cisco ASA, as well as the Domain name pointing to the ASA.
They have other devices coming from the same location running Win7 that have no problems connecting. I believe this is a client-side, or client PC, issue. Any advice would be appreciated.
While I never had a specific answer to the root cause of this issue, the client ended up formatting the computer and reinstalling Windows. They were then able to install and run Cisco AnyConnect.
I did not receive any further details from the client regarding this.
I believe this is more of a client issue than a VPN server issue.
Specify the group-url in the tunnel-group command as shown below:

    tunnel-group your-tunnel webvpn-attributes
     group-url https://outside-interface-ip/extension enable

Use the specified URL while connecting to the VPN (outside-interface-ip/extension).
Worked for me.
We had this exact same problem and during troubleshooting we discovered that the anyconnect.xml file had become corrupted, meaning the format of the file was no longer usable by the VPN client. Connecting to another region (different set of VPN HEs) caused a new file to be downloaded, and then we were able to connect to the original HEs. We don't know why the anyconnect.xml file became corrupted, but this fixed the problem in all cases.
It's important to note that the AnyConnect client (at least in Windows) does not seem to trim any trailing spaces on the name either. If you "pad" the name with an extra space it will fail. To add to the fun, this hostname is saved through an uninstall/reinstall cycle (probably a registry entry?) so the only way to remove it is to notice that extra space and delete it manually - or re-enter the name from scratch and then wonder why it works when you just typed in the same (or so you think) FQDN as before.
I had this very same error message.
I found out that the AnyConnect service was configured on a non-standard port:

    ASA# sh run webvpn

Adding ":444" to the connection URL obviously solved the issue.
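
A pre-flight check for the client-side causes reported in the answers above (a trailing space in the saved hostname, a non-standard port in the connection URL, a corrupted profile XML file), added here as an example and not code from any poster or from Cisco. The function names, the sample host and the sample profile text are constructed for illustration; the profile is passed in as text because the thread does not say where the file is stored.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample profile text (not a real AnyConnect profile).
GOOD_PROFILE = "<Profile><HostEntry><HostName>vpn.example.com</HostName></HostEntry></Profile>"
BAD_PROFILE = GOOD_PROFILE[:40]  # truncated, as a corrupted file might be


def check_server_entry(raw):
    """Inspect a server address exactly as typed; return (findings, host, port, path)."""
    findings = []
    cleaned = raw.strip()
    if cleaned != raw:
        findings.append("leading/trailing whitespace")
    if any(not 32 < ord(c) < 127 for c in cleaned):
        findings.append("embedded space, control or non-ASCII character")
    host, port, path = None, None, ""
    try:
        # urlsplit only separates host:port when a scheme is present.
        parts = urlsplit(cleaned if "://" in cleaned else "https://" + cleaned)
        host, path = parts.hostname, parts.path
        port = parts.port or 443  # .port raises ValueError if not 0-65535
    except ValueError as exc:
        findings.append(f"unparseable address: {exc}")
    if not host:
        findings.append("no host name found")
    return findings, host, port, path


def check_profile_xml(text):
    """Return None if text is well-formed XML, otherwise the parser error."""
    try:
        ET.fromstring(text)
        return None
    except ET.ParseError as exc:
        return str(exc)


def resolves(host, port):
    """True if the OS resolver returns an address (uses the machine's DNS)."""
    try:
        return bool(socket.getaddrinfo(host, port, type=socket.SOCK_STREAM))
    except (socket.gaierror, UnicodeError):
        return False
```

Run `check_server_entry` on the saved address first: if it reports whitespace, the failure is in the stored name rather than in DNS, and `resolves` on the cleaned host and port confirms it.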