Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to Connect with AnyConnect Secure Mobility Client

When trying to connect with Cisco AnyConnect Secure Mobility Client on Windows XP SP3 getting the following error:

Function: CTransportWinHttp::SendRequest

File: .\CTransportWinHttp.cpp

Line: 1170

Invoked Function: HttpSendRequest

Return Code: 806 (0x00000326)

Description: WINDOWS_ERROR_CODE

Function: CTransportWinHttp::SendRequest

File: .\CTransportWinHttp.cpp

Line: 1178

Invoked Function: CTransportWinHttp::handleRequestError

Return Code: -30015479 (0xFE360009)

Description: CTRANSPORT_ERROR_UNEXPECTED

and finally I get the following message:

Function: ConnectMgr::processIfcData

File: .\ConnectMgr.cpp

Line: 2763

Invoked Function: ConnectMgr::processIfcData

Return Code: -30015443 (0xFE36002D)

Description: CTRANSPORT_ERROR_CONN_UNKNOWN

Connection attempt failed.  Please try again.

Any ideas, thanks,

Ashok.

7 REPLIES
Cisco Employee

Unable to Connect with AnyConnect Secure Mobility Client

Is it happening with only windows XP machine or with everyone?

If possible please share the full dart logs.

What is the version of the ASA and the Anyconnect?

Thanks

Jeet Kumar

Cisco Employee

Unable to Connect with AnyConnect Secure Mobility Client

Please send me the output of the following command " sh run all ssl"

Cisco Employee

Unable to Connect with AnyConnect Secure Mobility Client

OK,

just issue the following command "Sh run all ssl"  and if you see something like this:

"ssl encryption rc4-sha1" change it to "ssl encryption aes256-sha1 aes128-sha1 3des-sha1 rc4-sha1 rc4-md5 des-sha1"

check the anyconnect local policy on you machine and make sure the FIPS is disable. It will ba a file name as             "AnyConnectLocalPolicy.xml" and when you open it you should have FIPS as false. Something like this:

false

Please try it and let me know if it helps. I would still request the complete DART files in case the above doesn't help.

Thanks

Jeet

New Member

Unable to Connect with AnyConnect Secure Mobility Client

Thanks Jeet, since this is a Windows machine, the command

"sh runl all ssl"

Is there any equivalent command in Windows. We are being told the issue maybe because Windows-XP supports AES-128 and the site is set for AES-256. Please advise.

Silver

Unable to Connect with AnyConnect Secure Mobility Client

Hi Ashok,

You need to run "sh runl all ssl" on ASA.if you see output of this command something like this:

"ssl encryption rc4-sha1",  then run this command:-

"ssl encryption aes256-sha1 aes128-sha1 3des-sha1 rc4-sha1"

For checking your FIPS mode enable, go to following location on your client machine:-

c:/ProgramData/Cisco/Cisco Anyconnect Secure Mobility Client. You can open a file named "AnyConnectLocalPolicy.xml".

when you open it you should have FIPS as false. Something like this:

false

Please make these changes and then check the connection.

Regards,

Naresh


New Member

Unable to Connect with AnyConnect Secure Mobility Client

Hi Jeet and Naresh,

I found the file AnyConnectLocalPolicy.xml on Windows XP: C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client

This is given in the following document:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac04localpolicy.html#wp1055381

My current settings are given below, as you can see the FipsMode is set to False

...

false

...

I'm assuming that ASA is Cisco Adaptive Security Appliance (ASA).

So the change being suggested by you would need to be run on the Security Appliance, I suppose.

Please confirm.

Thanks for your help,

Ashok.

Silver

Unable to Connect with AnyConnect Secure Mobility Client

Yes, we need to check  the encryption settings on Security appliance.

Regards,

Naresh

2464
Views
10
Helpful
7
Replies
CreatePlease login to create content