Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14997
Views
0
Helpful
6
Replies

AnyConnect - Connecting to network errors: Please enter a secure gateway to connect to

dgaikwad
Level 5
Level 5

‎04-16-2020 03:33 AM - edited ‎04-16-2020 03:37 AM

Hello Experts,
I have configured to install AnyConnect from ISE when the user gets redirected to CPP page.
The user is able to install and get posture done via the above flow.

But, now what I have seen is that whenever user make a change of network, like disconnecting from wired to wireless, AnyConnect will popout this error: "Please enter a secure gateway to connect to"
Screenshot (28).png
I am not pushing any VPN profile as off now as well, this is a pretty straight forward installation and flow.

I have tested this AnyConnect version 4.7 and 4.8 as well, but the results are the same in both the cases.

Is there something that is missing out?

7 people had this problem
Labels:
0 Helpful
6 Replies 6

Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-16-2020 10:51 AM

Can you look here to confirm that you do not have a profile on the system: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\
If you do can you share the contents?
0 Helpful

dgaikwad
Level 5
Level 5
In response to Mike.Cifelli

‎04-21-2020 01:19 AM

Ok, I was able to get some information as off when that alert was popping up.
1. When AnyConnect was installed via VPN for the first time and then connecting back to wired and wireless network internally produced that alert
2. If AnyConnect was first installed from the internal network, then in that case, the alert was not generated 

Attached is the file from: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\

0 Helpful

dgaikwad
Level 5
Level 5
In response to Mike.Cifelli

‎04-28-2020 05:27 AM

I was not able to attach the file so have added it here 

0 Helpful

dgaikwad
Level 5
Level 5
In response to Mike.Cifelli

‎08-19-2021 03:06 AM

This is a bit late, but did you find anything from the profile.xml that was shared a year ago?
Since another customer has started to face this issue now...

0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to dgaikwad

‎08-19-2021 01:25 PM

Hi @dgaikwad,

From the pasted XML profile, I can see following section:

<AutomaticVPNPolicy>true
 <TrustedDNSDomains>*prasac.com.kh</TrustedDNSDomains>
 <TrustedDNSServers>ns1.prasac.com.kh</TrustedDNSServers>
 <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
 <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
 <AlwaysOn>false
 </AlwaysOn>
</AutomaticVPNPolicy>

This means that you have Trusted Network Detection configured, which will connect to VPN each time when it detects untrusted network (whenever your assigned domain is not '*prasac.com.kh' or your DNS server is not 'ns1.prasac.com.kh'). However, there is no <ServerList> section, which would contain your gateway details.

By doing this, you are asking your user to go to VPN each time he is not in office (I'm assuming), but PC has no idea where to go, reporting this error.

You need to fix this profile.

BR,

Milos

0 Helpful

Benjamin_Leung
Level 1
Level 1

‎11-20-2021 03:41 AM

Mates, I am facing this problem, either. How did you fix it? As no matter how do I change config and I confirm it has profile in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\, problem still exits

 

But my another PC config to the same path, which is working fine, except my MacBook VM Windows 10

SOS!

0 Helpful
Customers Also Viewed These Support Documents