cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14638
Views
0
Helpful
5
Replies

AnyConnect and Connections to this secure gateway are not permitted

niall-wilkins
Level 1
Level 1

Hi,

I am trying to figure out an issue I am having with AnyConnect 2.5.  After I login to the SSL VPN Portal and download and install the client I receive this message.  Also once the client installs I have no network connectivity at all.  Once I uninstall the client I am able to access the Internet and network connectivity is restored.  Its obviously a config issue but I cant figure out where I am going wrong.  I am also unable to change the connect to field as its locked down.

error.JPG

1 Accepted Solution

Accepted Solutions

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

View solution in original post

5 Replies 5

Hi,


Are you connecting to an ASA or IOS?

If you have split-tunneling disabled, all traffic will be sent through the tunnel (Internet will be lost unless it's configured properly on the headend device).

Is it a problem on this particular machine only?

I mean, if you try to connect with the AnyConnect from any other machine same thing happens?

Federico.

Hi,

Its an ASA 5510 running version 8.3.  Split tunneling has not been configured as it is not allowed in our enviornment.  I have tried anyconnect from both Windows XP and Windows 7 systems but everytimg it comes up with this message.  We ar just looking to allow the user to bring up the anyconnect to create an SSL tunnel when they are not in the office

So, if no computer is able to establish the AnyConnect connection properly, might be a configuation problem on the ASA.

Can you either share the relevant part of the configuration or take a look at this:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/svc.html

Federico.

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

Thanks.  It was the always on feature that was the issue.  I disabled this and now I have no issues connecting.  I now need to read up on configuring always on

Thanks