
AnyConnect can't be established on AWS instance

agentelu
Level 1

Hello,

I am trying to create a VPN connection with the AnyConnect software from a Windows instance on AWS (Amazon), without success.

But I can establish the connection from my personal machine.

What could be the problem? Is there any parameterization I should do to establish the connection?

5 Replies

WarHawk
Level 1

Hi agentelu,

Do you have any restrictive Security Groups associated? Those usually get me when I’m in AWS.

What sort of Error is AnyConnect throwing you? Can you see any connection (even Phase 1) made on the VPN Server?

If the above is OK then try and attempt a connection on AnyConnect - observe it fail then attach some logs of AnyConnect and we can take a look.

agentelu
Level 1

Hi WarHawk, thanks for your comment.


I'm just on the client side. I don't have server-side visibility because it is another company.
AnyConnect gives me the following errors (two error windows):

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."

"VPN establishment capability for a remote user is disabled. A VPN connection will not be established."

Below is the message history in the AnyConnect log:

8/10/2023
01:16:24 Contacting server_site.
01:16:37 User credentials entered.
01:16:38 Establishing VPN session...
01:16:38 The AnyConnect Downloader is performing update checks...
01:16:38 Checking for profile updates...
01:16:38 Checking for product updates...
01:16:38 Establishing VPN - Initiating connection...
01:16:39 Establishing VPN session...
01:16:40 Connection attempt has failed.
01:16:40 VPN session ended.
01:16:40 Ready to connect.

Best thing you can try to do is modify the connection profile file that AnyConnect refers to to build the Connection up. 

I’ve posted a blog post that I’ve used myself to get around this issue in the past. Have a read and give it a try if you want.

Failing that it might be worth reaching out (if you haven’t already) to the Support Team who look after the VPN Server. 

https://blog.expta.com/2020/04/how-to-enable-cisco-anyconnect-vpn.html?m=1#:~:text=VPN%20establishment%20capability%20for%20a,VPN%20profile%20on%20the%20ASA.

agentelu
Level 1

Hello, thanks for your comment.

I followed your blog and followed the steps to change the XML file but unfortunately I couldn't find the file.
On Windows I don't have the "Profile" folder, I only have the path "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\"
In this directory I only have the folders:
-Install
-plugin
-res

Where can I find this file to edit?

Can we talk via chat?

agentelu
Level 1

Sorry the folder was hidden, I had to enable hidden files and folders.

I found the file, but with the .xsd extension. Is it the same thing?
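
Added example, not part of any post in this thread: a read-only Python check that tells a profile (.xml) apart from the schema (.xsd) in the Profile folder and reports the setting behind the "remote user" error. The element names `WindowsVPNEstablishment` and `WindowsLogonEnforcement` and the value `AllowRemoteUsers` come from Cisco's profile format, not from the thread, and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the thread).
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""

SAMPLE_SCHEMA = """<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="AnyConnectProfile"/>
</xs:schema>"""

POLICY_ELEMENTS = ("WindowsVPNEstablishment", "WindowsLogonEnforcement")


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def inspect_file(xml_text):
    """Classify one file from the Profile folder and read the session policy."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"kind": "unparseable", "error": str(exc)}
    kind = local_name(root.tag)
    if kind == "schema":
        # An .xsd only describes which elements a profile may contain.
        return {"kind": "schema"}
    if kind != "AnyConnectProfile":
        return {"kind": "other"}
    settings = {local_name(e.tag): (e.text or "").strip()
                for e in root.iter() if local_name(e.tag) in POLICY_ELEMENTS}
    establishment = settings.get("WindowsVPNEstablishment", "not set")
    return {
        "kind": "profile",
        "WindowsVPNEstablishment": establishment,
        "WindowsLogonEnforcement": settings.get("WindowsLogonEnforcement", "not set"),
        # True only when the profile explicitly permits remotely logged-on users.
        "allows_remote_session": establishment == "AllowRemoteUsers",
    }
```

The log above shows the client checking for profile updates on each connection, so the value reported here is decided by the team that runs the VPN server.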