cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17867
Views
0
Helpful
7
Replies

Invalid host entry. Please re-enter. Cisco AnyConnect.

breaktool
Level 1
Level 1

Hi anyone. I have a problem with Cisco AnyConnect client. Client Version 3.1.

This problem only in Windows 7 OS. I have some tunnel groups, and earlier i did can select this groups in anyconnect client after successful connection to my ASA.

Now when i try to connect and use address of my asa like "vpn.company.com" i can't establish connection, and client respond me with error "invalid host entry. Please re-enter". But when i start connection from VPN portal or type address like "vpn.company.com/<tunnel-group>" everything OK and no error responded.

When i was see log in ASA, i see that anyconnect client try start ipsec connection.

Can anyne help me. Maybe someone take this problem earlier.

Sorry for bad English.

7 Replies 7

Hi,

Most likely the XML profile has the following instruction:

     

           Cisco

                10.198.16.148

           VPN

           IPsec

     

You can find the profile in the following path:

Table 2-4     Paths to Deploy the Client

OS

Directory Path

Windows 7 and Vista

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\

Windows XP

C:\Document and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X and Linux

/opt/cisco/anyconnect/profile/

Please make sure you remove the line in bold and let me know.

Thanks.

Portu.

Please rate any post you find useful.

Message was edited by: Javier Portuguez

There is no profiles. There is only AnyConnectProfile.xsd file. Do you know how Anyconnect check host entry before connect to ASA?

And i dont understand why VPN session establish when i type address with tunnel group like this ""vpn.company.com/". Of course tunnel group has group url like "https://vpn.company.com/"

This tested on MAC OS X and no problem found  

Pretty common DNS resolution.

Did you run logs on the ASA?

Thanks.

Yes of course a has run logging in ASA. I cant uderstand, why it may DNS resolution error. Did you know how AnyConnect client verify DNS records?

When i check logging and simultaneously try to connect with client, i was see that request from my PC go to port 500 and 4500 it is NAT-T) but i dont use IKEv2 with ipsec . I use only SSL between client and ASA. I dont understand, why ASA recieve packets for 500 and 4500 udp ports.

I have solved this problem. I suggest that in installation some gone wrong and configuration files has bad.

I uninstall Cisco AnyConnect and delete directory

"C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client" (Win 7) after that reinstall Cisco Any Connect.

Problem is gone:)

Maybe this information will helpful

5G5449
Level 1
Level 1

I had "invalid host entry" issue and corrected it by running diagnostics feature within Cisco AnyConnect.  

Path:  Click on the Settings icon (gear) in bottom left of login screen.  From Settings screen, click on Diagnostics button on top right of screen.  This launches Cisco Diagnostic and Reporting Tool (DART).  Follow prompts to run the diagnostics. 

I did not need to change any configurations.  Just running the diagnostics tool fixed the problem.

I hope this helps... Good luck!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: