Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
20752
Views
20
Helpful
7
Replies

The secure gateway has rejected the connection attempt. AnyConnect

Go to solution
cruseb1
Level 1
Level 1

‎05-20-2022 09:28 AM - edited ‎05-20-2022 11:25 AM

I have an issue with connecting to ASA. I am unable to connect to FQDN but I can connect by IP. I have included the running config as well as screen shots. Any help would be greatly appreciated. I am a bit of a noob and just cant figure this one out.

 

The actual error displayed for is "The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication."

 

Thanks

AnyConnect-error2.png

AnyConnect-error1.png

  

2 people had this problem
Labels:
Running Config.txt
Preview file
9 KB
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to cruseb1

‎05-21-2022 05:52 PM - edited ‎05-21-2022 06:20 PM

ok 
can you ping the FQDN ? if yes then 
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html


try this way add the FQDN to Certificate "FQDN is same as it appear in DNS".

View solution in original post

0 Helpful
7 Replies 7

Go to solution
cruseb1
Level 1
Level 1
In response to MHM Cisco World

‎05-20-2022 10:00 AM

This is connecting to the ASA, I have the split DNS setup and everything works fine when I connect to the ASA by the IP Address. When I try to connect by the FQDN of the ASA (I have a SSL Certificate issued by GoGetSSL as well as the CA certificate installed on the ASA) The connection attempt fails, and I don't understand why.

 

Brian

Go to solution
cruseb1
Level 1
Level 1
In response to cruseb1

‎05-20-2022 10:01 AM

Also It's no the DHCP bug either, I get a connection to the ASA when I use the IP Address.

Go to solution
cruseb1
Level 1
Level 1

‎05-20-2022 10:39 AM

Here are the log files from the ASA when connecting via the FQDN. The IP's have been scrubbed. 

XXX.XXX.XXX.205 is the outside interface

xxx.xxx.82.51 is the ip of the connecting laptop

 

 

Logs3.txt
Preview file
4 KB

Go to solution
MHM Cisco World
VIP
VIP
In response to cruseb1

‎05-21-2022 05:52 PM - edited ‎05-21-2022 06:20 PM

ok 
can you ping the FQDN ? if yes then 
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html


try this way add the FQDN to Certificate "FQDN is same as it appear in DNS".

0 Helpful

Go to solution
cruseb1
Level 1
Level 1

‎05-22-2022 06:09 PM

@MHM Cisco World ..... Good Call.. That wasn't the issue however retracing all of my steps setting up the host A record and requesting the certificate helped me see the issue. I use cloudflare as my provider and when I setup the "A" record I did not change it from the default "DNS and Proxy". I changed the "A" record to "DNS Only" and that fixed the issue. 

Thank You for all of the help!!!!

 

Brian 

0 Helpful

Go to solution
rchandran612
Level 1
Level 1

‎02-23-2024 04:12 AM - edited ‎02-23-2024 04:13 AM

Can you get solution for this issue , I am also facing same issue 

0 Helpful
Customers Also Viewed These Support Documents
Top