取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

December 2020

10016
查看次数
44
有帮助
7
回复
wx_vzmRwaMb
Beginner

Linux上登录Cisco AnyConnect VPN 报错

小弟遇到一个问题如下:通过linux去连接公司的VPN时报以下错误(如图),哪有大神有遇到过这问题吗?感谢~!!!:handshake
173701tqghrvtl4skr445u.png
>> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
以下为Cisco VPN里面的软件包:
173900eikjjd31j6i4j36j.png
1 个已接受解答

已接受的解答
ilay
Rising star

本帖最后由 gengchunlin 于 2018-7-20 19:22 编辑
最好换一个4.x的包,
我在asa上挂了一个3.1的包,连接的时候也是报同样的错误。
换了一个4.1的包,就ok了
anyconnect-linux-64-4.1.08005-k9.pkg
估计比我设个版本高的都可以吧~~
=========
ulASA(config)# sh run webvpn
webvpn
enable ct
enable inside
enable outside
anyconnect image disk0:/anyconnect-win-4.5.01044-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-64-4.1.08005-k9.pkg 2
anyconnect enable
tunnel-group-list enable
ulASA(config)#
=======
=======> linux output.[root@www ~]# vpn
Cisco AnyConnect Secure Mobility Client (version 4.5.01044) .
Copyright (c) 2004 - 2017 Cisco Systems, Inc. All Rights Reserved.
>> state: Disconnected
>> state: Disconnected
>> notice: Ready to connect.
>> registered with local VPN subsystem.
VPN> connect 192.168.12.1
connect 192.168.12.1
>> contacting host (192.168.12.1) for login information...
>> notice: Contacting 192.168.12.1.
AnyConnect cannot verify server: 192.168.12.1
- Certificate does not match the server name.
- Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!
Most users do not connect to untrusted servers unless the reason for the error condition is known.
Connect Anyway? [y/n]: y
Group: sslvpn
Username: [ilay]
Password:
>> state: Connecting
>> notice: Establishing VPN session...
The AnyConnect Downloader is analyzing this computer. Please wait...
The AnyConnect Downloader is performing update checks...
>> notice: The AnyConnect Downloader is performing update checks...
The AnyConnect Downloader updates have been completed.
Please wait while the VPN connection is established...
>> notice: Checking for profile updates...
>> notice: Checking for product updates...
>> notice: Checking for customization updates...
>> notice: Performing any required updates...
>> notice: The AnyConnect Downloader updates have been completed.
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: Establishing VPN - Initiating connection...
>> notice: Establishing VPN - Examining system...
>> notice: Establishing VPN - Activating VPN adapter...
>> notice: Establishing VPN - Configuring system...
>> state: Connected
>> notice: Establishing VPN...
>> notice: Connected to 192.168.12.1.
>> state: Connected
>> notice: Connected to 192.168.12.1.
VPN> exit
exit
goodbye...
>> note: VPN Connection is still active.
========end

在原帖中查看解决方案

7 条回复7
ilay
Rising star

本帖最后由 gengchunlin 于 2018-7-20 19:22 编辑
最好换一个4.x的包,
我在asa上挂了一个3.1的包,连接的时候也是报同样的错误。
换了一个4.1的包,就ok了
anyconnect-linux-64-4.1.08005-k9.pkg
估计比我设个版本高的都可以吧~~
=========
ulASA(config)# sh run webvpn
webvpn
enable ct
enable inside
enable outside
anyconnect image disk0:/anyconnect-win-4.5.01044-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-64-4.1.08005-k9.pkg 2
anyconnect enable
tunnel-group-list enable
ulASA(config)#
=======
=======> linux output.[root@www ~]# vpn
Cisco AnyConnect Secure Mobility Client (version 4.5.01044) .
Copyright (c) 2004 - 2017 Cisco Systems, Inc. All Rights Reserved.
>> state: Disconnected
>> state: Disconnected
>> notice: Ready to connect.
>> registered with local VPN subsystem.
VPN> connect 192.168.12.1
connect 192.168.12.1
>> contacting host (192.168.12.1) for login information...
>> notice: Contacting 192.168.12.1.
AnyConnect cannot verify server: 192.168.12.1
- Certificate does not match the server name.
- Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!
Most users do not connect to untrusted servers unless the reason for the error condition is known.
Connect Anyway? [y/n]: y
Group: sslvpn
Username: [ilay]
Password:
>> state: Connecting
>> notice: Establishing VPN session...
The AnyConnect Downloader is analyzing this computer. Please wait...
The AnyConnect Downloader is performing update checks...
>> notice: The AnyConnect Downloader is performing update checks...
The AnyConnect Downloader updates have been completed.
Please wait while the VPN connection is established...
>> notice: Checking for profile updates...
>> notice: Checking for product updates...
>> notice: Checking for customization updates...
>> notice: Performing any required updates...
>> notice: The AnyConnect Downloader updates have been completed.
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: Establishing VPN - Initiating connection...
>> notice: Establishing VPN - Examining system...
>> notice: Establishing VPN - Activating VPN adapter...
>> notice: Establishing VPN - Configuring system...
>> state: Connected
>> notice: Establishing VPN...
>> notice: Connected to 192.168.12.1.
>> state: Connected
>> notice: Connected to 192.168.12.1.
VPN> exit
exit
goodbye...
>> note: VPN Connection is still active.
========end

在原帖中查看解决方案

Mansur
Engager

2.1?会不会版本太旧了,2008年的诶。。。不一定支持新系统。
你可以考虑试试anyconnect 4.x版本。
huoran1234
Participant

本帖最后由 huoran1234 于 2018-7-20 18:06 编辑
这个应该是你的anyconnect那个pkg文件没有放到ASA的disk下面,但是你这个倒是有,可是版本差的有点儿多。。试试升级版本呢
Rockyw
Advisor

本帖最后由 Rocky 于 2018-7-20 23:46 编辑
貌似在ASA里面添加你用的Cisco AnyConnect VPN client的版本就可以了
ASDM version 6.2

ASDM version 7.1

具体信息请参考:
AnyConnect Error: ‘The AnyConnect package on the secure gateway could not be located’
https://www.petenetlive.com/KB/Article/0000406
wx_vzmRwaMb
Beginner

gengchunlin 发表于 2018-7-20 19:18
最好换一个4.x的包,
我在asa上挂了一个3.1的包,连接的时候也是报同样的错误。
换了一个4.1的包,就ok了 ...

你好,如何把包挂上wbevpn里呢?还有如何删除旧的? 有命令吗
ilay
Rising star

wx_vzmRwaMb 发表于 2018-7-23 16:18
你好,如何把包挂上wbevpn里呢?还有如何删除旧的? 有命令吗

先将软件包从配置中删除关联
使用show run webvpn,查看webvpn当前的配置信息
然后no 掉linux对应的anyconnect image
之后删除linux pkg文件
删除使用delete命令ulASA# delete disk0:/anyconnect-linux-3.1.05187-k9.pkg
Delete filename [anyconnect-linux-3.1.05187-k9.pkg]?
Delete disk0:/anyconnect-linux-3.1.05187-k9.pkg? [confirm]
换新的pkg文件,先将文件通过ftp或者tftp上传至flash: (disk0:) --上传过程没有截图
上传完成之后,添加新的pkg文件
ulASA(config)# sh run webvpn
webvpn
enable ct
enable inside
enable outside
anyconnect image disk0:/anyconnect-win-4.5.01044-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
ulASA(config)# webvpn
ulASA(config-webvpn)# any image
ulASA(config-webvpn)# any image disk0:/an
ulASA(config-webvpn)# any image disk0:/anyconnect-linux-64-4.1.08005-k9.pkg 2 //之前已经上传过windows的image了,所以指定编号为2,如果不指定,则默认会替换第一个。
ulASA(config-webvpn)# anyconnect enable 保险起见,再敲一遍anyconnect enable
ulASA(config-webvpn)# exi
ulASA(config)# sh run webvpn
webvpn
enable ct
enable inside
enable outside
anyconnect image disk0:/anyconnect-win-4.5.01044-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-64-4.1.08005-k9.pkg 2
anyconnect enable
tunnel-group-list enable
ulASA(config)#
操作完成之后测试即可。
wx_vzmRwaMb
Beginner

gengchunlin 发表于 2018-7-23 17:54
先将软件包从配置中删除关联
使用show run webvpn,查看webvpn当前的配置信息
然后no 掉linux对应的any ...

已解决好,谢谢。
Content for Community-Ad


不能显示该小部件。