05-20-2022 09:28 AM - edited 05-20-2022 11:25 AM
I have an issue with connecting to the ASA. I am unable to connect by FQDN, but I can connect by IP. I have included the running config as well as screenshots. Any help would be greatly appreciated. I am a bit of a noob and just can't figure this one out.
The actual error displayed is "The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication."
Thanks
Accepted Solutions
05-21-2022 05:52 PM - edited 05-21-2022 06:20 PM
OK.
Can you ping the FQDN? If yes, then see:
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html
Try it this way: add the FQDN to the certificate ("FQDN is the same as it appears in DNS").
05-20-2022 09:37 AM
05-20-2022 10:00 AM
This is connecting to the ASA. I have the split DNS set up and everything works fine when I connect to the ASA by the IP address. When I try to connect by the FQDN of the ASA (I have an SSL certificate issued by GoGetSSL as well as the CA certificate installed on the ASA), the connection attempt fails, and I don't understand why.
Brian
05-20-2022 10:01 AM
Also, it's not the DHCP bug either; I get a connection to the ASA when I use the IP address.
05-20-2022 10:39 AM
Here are the log files from the ASA when connecting via the FQDN. The IPs have been scrubbed.
XXX.XXX.XXX.205 is the outside interface
xxx.xxx.82.51 is the ip of the connecting laptop
05-22-2022 06:09 PM
@MHM Cisco World ... Good call. That wasn't the issue; however, retracing all of my steps setting up the host A record and requesting the certificate helped me see the issue. I use Cloudflare as my provider, and when I set up the "A" record I did not change it from the default "DNS and Proxy". I changed the "A" record to "DNS Only" and that fixed the issue.
Thank you for all of the help!!!!
Brian
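
A way to check for the condition described in the post above (an added example, not part of the thread): compare what the VPN FQDN resolves to against the ASA outside interface IP, and flag answers that fall inside Cloudflare's edge ranges, which is what a proxied "A" record returns. The function names, the partial range list, and the sample addresses are assumptions made for this example.

```python
import ipaddress
import socket
import sys

# Partial snapshot of Cloudflare's published IPv4 edge ranges (assumption:
# still current; the full list is at https://www.cloudflare.com/ips-v4).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
    "162.158.0.0/15", "198.41.128.0/17", "173.245.48.0/20",
    "188.114.96.0/20", "141.101.64.0/18", "108.162.192.0/18",
)]

def resolve_v4(fqdn):
    """Return the sorted set of IPv4 addresses the local resolver gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def classify(resolved, asa_outside_ip):
    """Compare resolved A-record answers with the ASA outside interface IP.

    direct    - every answer is the ASA itself (a "DNS Only" record)
    proxied   - at least one answer is a Cloudflare edge address
    mismatch  - answers point somewhere else entirely (stale or wrong record)
    no-answer - the name did not resolve to any IPv4 address
    """
    expected = ipaddress.ip_address(asa_outside_ip)
    addrs = [ipaddress.ip_address(a) for a in resolved]
    if not addrs:
        return "no-answer"
    if all(a == expected for a in addrs):
        return "direct"
    if any(a in net for a in addrs for net in CLOUDFLARE_V4):
        return "proxied"
    return "mismatch"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Live check: python check_vpn_dns.py <vpn-fqdn> <asa-outside-ip>
        answers = resolve_v4(sys.argv[1])
        print(sys.argv[1], answers, classify(answers, sys.argv[2]))
    else:
        # Constructed sample: documentation-range ASA IP, Cloudflare-range answers.
        print(classify(["104.16.1.1", "104.16.2.2"], "203.0.113.205"))
```

A "proxied" result means the client is reaching Cloudflare's proxy rather than the ASA, so the record needs to be switched to "DNS Only" as described above.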
02-23-2024 04:12 AM - edited 02-23-2024 04:13 AM
Can you get a solution for this issue? I am also facing the same issue.
