Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
32810
Views
0
Helpful
2
Replies

AnyConnect AlwaysOn not working

Go to solution
bvj197222
Level 1
Level 1

‎10-13-2018 04:38 AM - edited ‎02-21-2020 08:20 AM

I have configured AnyConnect with machine certification authentication and everything works nicely. I can log on and is authenticated as expected. Now I want to enable 'always on'. The config is as enclosed. After enabling the 'automatic VPN policy' and 'always on' options the vpn-client reports 'it may be necessary to connect via a proxy, which is not supported with Always on' (see error 1). As a consequence I also get the error 'anyconnect cannot confirm it is connected to your seucre gateway..' . See the encl log from the client.

The log says 'no valid certificate', but I have a public certificate on the ASA and the machine authentication using certificate was also working before enabling 'always on'. What am I missing out here?

 

1 person had this problem
Preview file
417 KB
Preview file
370 KB
Preview file
94 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎10-13-2018 02:08 PM

In the group policy have you enabled "use anyconnect profile setting" ?

 

Alwayson.png

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marius Gunnerud
VIP
VIP

‎10-13-2018 02:08 PM

In the group policy have you enabled "use anyconnect profile setting" ?

 

Alwayson.png

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
bvj197222
Level 1
Level 1
In response to Marius Gunnerud

‎10-14-2018 11:39 PM - edited ‎10-14-2018 11:41 PM

Thank you Marius, looks like it did the trick. I found one more error, in 'AnyConnect Client Profile' > 'Server List'; The host address used the public IP, so the client reported a certificate error with ('x.x.x.x not matching test.domain.com). I changed it so that both hostname and host address was test.domain.com and everything worked as expected.

15.10.png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card