cruseb1
Beginner

The secure gateway has rejected the connection attempt. AnyConnect

I have an issue with connecting to the ASA. I am unable to connect to the FQDN, but I can connect by IP. I have included the running config as well as screenshots. Any help would be greatly appreciated. I am a bit of a noob and just can't figure this one out.

 

The actual error displayed is "The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication."

 

Thanks

AnyConnect-error2.png

AnyConnect-error1.png

  

Accepted Solutions

OK, can you ping the FQDN? If yes, then:
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html

Try it this way: add the FQDN to the certificate ("FQDN is the same as it appears in DNS").


This is connecting to the ASA. I have split DNS set up, and everything works fine when I connect to the ASA by the IP address. When I try to connect by the FQDN of the ASA (I have an SSL certificate issued by GoGetSSL as well as the CA certificate installed on the ASA), the connection attempt fails, and I don't understand why.

 

Brian

Also, it's not the DHCP bug either; I get a connection to the ASA when I use the IP address.

cruseb1
Beginner

Here are the log files from the ASA when connecting via the FQDN. The IPs have been scrubbed.

XXX.XXX.XXX.205 is the outside interface

xxx.xxx.82.51 is the ip of the connecting laptop

 

 

cruseb1
Beginner

@MHM Cisco World ... Good call. That wasn't the issue; however, retracing all of my steps setting up the host A record and requesting the certificate helped me see the issue. I use Cloudflare as my provider, and when I set up the "A" record I did not change it from the default "DNS and Proxy". I changed the "A" record to "DNS Only" and that fixed the issue.

Thank you for all of the help!!!!

 

Brian
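
One way to confirm the root cause found in this thread (an A record that does not resolve to the gateway itself), as an added example that is not part of the original posts: the script compares what the FQDN resolves to with the ASA's outside address, and compares the certificate served by each. The function names, verdict strings and the use of TCP 443 are assumptions of this sketch.

```python
import hashlib
import ipaddress
import socket
import ssl

def resolve_a(fqdn):
    """IPv4 addresses the local resolver returns for fqdn (empty set if none)."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def cert_sha256(host, sni, port=443, timeout=5):
    """SHA-256 of the leaf certificate served at host when sni is requested."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # diagnostic only: fingerprints are compared,
    ctx.verify_mode = ssl.CERT_NONE   # no trust decision is made on this connection
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def classify(resolved, gateway_ip, fp_name=None, fp_ip=None):
    """Verdict on whether the FQDN leads straight to the gateway (hypothetical labels)."""
    addrs = {ipaddress.ip_address(a) for a in resolved}
    if not addrs:
        return "no-a-record"
    same_cert = None if not (fp_name and fp_ip) else fp_name == fp_ip
    if ipaddress.ip_address(gateway_ip) in addrs:
        return "direct" if same_cert in (None, True) else "inconsistent"
    if same_cert is True:
        return "other-address-same-cert"   # e.g. static NAT in front of the gateway
    if same_cert is False:
        return "different-endpoint"        # e.g. a proxied DNS record answers for the name
    return "dns-points-elsewhere"

def check(fqdn, gateway_ip):
    """Live check; needs network access to both the FQDN and the gateway address."""
    resolved = resolve_a(fqdn)
    if not resolved:
        return classify(resolved, gateway_ip), []
    verdict = classify(resolved, gateway_ip,
                       cert_sha256(fqdn, fqdn), cert_sha256(gateway_ip, fqdn))
    return verdict, sorted(resolved)

if __name__ == "__main__":
    import sys
    print(check(sys.argv[1], sys.argv[2]))  # args: FQDN, gateway outside IP
```

A verdict of `different-endpoint` matches the situation described above, where the name resolved to the DNS provider's proxy instead of the ASA.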