AnyConnect show error "The secure gateway has rejected the connection attemp..........."

Natapoom
Level 1

Accepted Solutions

Natapoom
Level 1

The problem has been resolved.
I found that it is a bug of AnyConnect Version 4.8 and ASA Version 7.13.1

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs40531/?rfs=iqvred


Sheraz.Salim
VIP Alumni

You have a DHCP server configured on the tunnel-group. That would take preference for address assignment. Order of address assignment is AAA, DHCP and then local.

tunnel-group "SSL VPN" type remote-access
tunnel-group "SSL VPN" general-attributes
 address-pool VPN_POOL
 default-group-policy "GroupPolicy_SSL VPN"
 dhcp-server 192.168.1.1

Highly recommend removing that configuration if you are not using a DHCP server.

Also, sometimes when DHCP is assigned, the ASA might disable the local VPN address assignment. The default is a hidden command so you have to see "show run all" to see it. Like this:

ASA# sh run all | in vpn-addr
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0

If you are only using the local pool to assign IP addresses, the above would be the config you need. If you need DHCP or AAA IP address assignment, enable the setting by adding the command.

A very similar issue is discussed here https://community.cisco.com/t5/vpn/secure-gateway-has-rejected-the-connection/td-p/2826763

Please do not forget to rate.
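
The check described in the reply above, as an added example that is not part of the original thread: it reads ASA configuration text (tunnel-group sections plus the `show run all` vpn-addr-assign lines) and flags tunnel-groups whose address source may not be the one intended. The function names and the sample config are constructed for illustration, and the script assumes a method is enabled unless a `no vpn-addr-assign` line is present.

```python
import re

# Constructed sample: the tunnel-group from the reply plus "show run all" lines
# with all three methods enabled (an assumed state, not the poster's real config).
SAMPLE = '''\
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
tunnel-group "SSL VPN" type remote-access
tunnel-group "SSL VPN" general-attributes
 address-pool VPN_POOL
 default-group-policy "GroupPolicy_SSL VPN"
 dhcp-server 192.168.1.1
'''


def parse(config):
    """Return (enabled methods, {tunnel-group: {"address-pool": [...], "dhcp-server": [...]}})."""
    enabled = {"aaa", "dhcp", "local"}  # assumption: enabled unless a "no" line says otherwise
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r'(no )?vpn-addr-assign (aaa|dhcp|local)\b', line)
        if m:
            (enabled.discard if m.group(1) else enabled.add)(m.group(2))
            continue
        m = re.match(r'tunnel-group (".+?"|\S+) general-attributes', line)
        if m:
            current = groups.setdefault(m.group(1).strip('"'), {"address-pool": [], "dhcp-server": []})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the general-attributes sub-mode
        elif current is not None:
            parts = line.split()
            if parts and parts[0] in current:
                current[parts[0]].extend(parts[1:])
    return enabled, groups


def findings(config):
    """Flag tunnel-groups where DHCP and local pool settings conflict with the global methods."""
    enabled, groups = parse(config)
    out = []
    for name, g in groups.items():
        if g["dhcp-server"] and g["address-pool"] and "dhcp" in enabled:
            out.append((name, "dhcp-server takes preference over address-pool"))
        if g["dhcp-server"] and "dhcp" not in enabled:
            out.append((name, "dhcp-server set but vpn-addr-assign dhcp is disabled"))
        if g["address-pool"] and "local" not in enabled:
            out.append((name, "address-pool set but vpn-addr-assign local is disabled"))
    return out
```

Calling `findings()` on the text of a saved `show run all` returns one `(tunnel-group, message)` tuple per mismatch, and an empty list when the pool and DHCP settings agree with the enabled methods.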
