Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14591
Views
0
Helpful
5
Replies

AnyConnect and Connections to this secure gateway are not permitted

Go to solution
niall-wilkins
Level 1
Level 1

‎09-28-2010 12:02 PM - edited ‎02-21-2020 04:52 PM

Hi,

I am trying to figure out an issue I am having with AnyConnect 2.5.  After I login to the SSL VPN Portal and download and install the client I receive this message.  Also once the client installs I have no network connectivity at all.  Once I uninstall the client I am able to access the Internet and network connectivity is restored.  Its obviously a config issue but I cant figure out where I am going wrong.  I am also unable to change the connect to field as its locked down.

error.JPG

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Christopher.Hayre
Level 1
Level 1

‎09-29-2010 03:43 PM

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎09-28-2010 02:53 PM

Hi,


Are you connecting to an ASA or IOS?

If you have split-tunneling disabled, all traffic will be sent through the tunnel (Internet will be lost unless it's configured properly on the headend device).

Is it a problem on this particular machine only?

I mean, if you try to connect with the AnyConnect from any other machine same thing happens?

Federico.

0 Helpful

Go to solution
niall-wilkins
Level 1
Level 1
In response to Federico Coto Fajardo

‎09-28-2010 04:06 PM

Hi,

Its an ASA 5510 running version 8.3.  Split tunneling has not been configured as it is not allowed in our enviornment.  I have tried anyconnect from both Windows XP and Windows 7 systems but everytimg it comes up with this message.  We ar just looking to allow the user to bring up the anyconnect to create an SSL tunnel when they are not in the office

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to niall-wilkins

‎09-29-2010 09:09 AM

So, if no computer is able to establish the AnyConnect connection properly, might be a configuation problem on the ASA.

Can you either share the relevant part of the configuration or take a look at this:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/svc.html

Federico.

0 Helpful

Go to solution
Christopher.Hayre
Level 1
Level 1

‎09-29-2010 03:43 PM

This is occurring because you, in your profile config, have it configured for always on VPN connectivity.  AC 2.5 and ASA 8.3 introduced the capability to enforce always-on connectivity for the purpose of providing greater control and security over endpoints.  This can be corrected by either modifying your profile, or making an exception through DAP or ASA GP.  I have posted a link to the doc below. Please refer to the sections under trusted network detection and always on VPN.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html

Hope this helps.  Let me know if you have further questions.

Thanks,

Christopher

0 Helpful

Go to solution
niall-wilkins
Level 1
Level 1
In response to Christopher.Hayre

‎10-04-2010 11:30 AM

Thanks.  It was the always on feature that was the issue.  I disabled this and now I have no issues connecting.  I now need to read up on configuring always on

Thanks

0 Helpful
Customers Also Viewed These Support Documents