Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1833
Views
20
Helpful
6
Replies

The secure gateway has rejected the connection attempt. AnyConnect

Go to solution
cruseb1
Beginner
Beginner

‎05-20-2022 09:28 AM - edited ‎05-20-2022 11:25 AM

I have an issue with connecting to ASA. I am unable to connect to FQDN but I can connect by IP. I have included the running config as well as screen shots. Any help would be greatly appreciated. I am a bit of a noob and just cant figure this one out.

 

The actual error displayed for is "The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication."

 

Thanks

AnyConnect-error2.png

AnyConnect-error1.png

  

Labels:
Preview file
9 KB
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
Mentor
Mentor
In response to cruseb1

‎05-21-2022 05:52 PM - edited ‎05-21-2022 06:20 PM

ok 
can you ping the FQDN ? if yes then 
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html


try this way add the FQDN to Certificate "FQDN is same as it appear in DNS".

View solution in original post

0 Helpful
6 Replies 6

Go to solution
cruseb1
Beginner
Beginner
In response to MHM Cisco World

‎05-20-2022 10:00 AM

This is connecting to the ASA, I have the split DNS setup and everything works fine when I connect to the ASA by the IP Address. When I try to connect by the FQDN of the ASA (I have a SSL Certificate issued by GoGetSSL as well as the CA certificate installed on the ASA) The connection attempt fails, and I don't understand why.

 

Brian

Go to solution
cruseb1
Beginner
Beginner
In response to cruseb1

‎05-20-2022 10:01 AM

Also It's no the DHCP bug either, I get a connection to the ASA when I use the IP Address.

Go to solution
cruseb1
Beginner
Beginner

‎05-20-2022 10:39 AM

Here are the log files from the ASA when connecting via the FQDN. The IP's have been scrubbed. 

XXX.XXX.XXX.205 is the outside interface

xxx.xxx.82.51 is the ip of the connecting laptop

 

 

Preview file
4 KB

Go to solution
MHM Cisco World
Mentor
Mentor
In response to cruseb1

‎05-21-2022 05:52 PM - edited ‎05-21-2022 06:20 PM

ok 
can you ping the FQDN ? if yes then 
https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html


try this way add the FQDN to Certificate "FQDN is same as it appear in DNS".

0 Helpful

Go to solution
cruseb1
Beginner
Beginner

‎05-22-2022 06:09 PM

@MHM Cisco World ..... Good Call.. That wasn't the issue however retracing all of my steps setting up the host A record and requesting the certificate helped me see the issue. I use cloudflare as my provider and when I setup the "A" record I did not change it from the default "DNS and Proxy". I changed the "A" record to "DNS Only" and that fixed the issue. 

Thank You for all of the help!!!!

 

Brian 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents