cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
198062
Views
22
Helpful
12
Replies

AnyConnect connection attempt has failed

jordipuig
Level 1
Level 1

Hi all, I'm very new in AnyConnect and I'm doing something wrong.

If I navigate to https://myIP I can successfully log into the portal, download and install the AnyConnect Client and also CONNECT to the VPN.

But if I disconnect to the VPN, and try to login again through the try icon, I get a "connection attempt has failed".

So the only way I have to connect again is to navigate another time to the web portal and then, after login again, the VPN connection is successfully done.

Thanks for your help!

1 Accepted Solution

Accepted Solutions

Glad you worked it out.  Please consider marking as answered and rating helpful post so this can be useful to others who may run into the same issues.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

View solution in original post

12 Replies 12

Are you using a Router or ASA has the VPN gateway?  If you are using an ASA, check your DAP policy under Configuration, Network (Client) Access, Dynamic Access Policies.  If there are policies there, chose the profile that is mapped to the tunnel you are connecting too and then go to "Access Method".  Ensure "Web Portal" isn't checked.  If you want to be able use the portal and the client, you need to change it to one of the "Both" choices.  If there is no DAP, we'll have to dig a little deeper.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Hello Christopher, thanks for your answer.

I'm using an ASA, and in DAP I only have the DfltAccess, and I changed the Access Method from Unchanged to Both, but I have the same problem.

Now I have a question (sorry if it is obvious), using the portal, I provide the login/passwd, but using only the client it doesn't ask me for credentials, it only shows the certificate error (cause it is self-signed), and when I accept it, the connection fails.

Thanks!

Hi Jordi,

When you go to login through the AC client, what is in the "Connect To:" box? It may be an issue regarding the AC profile that gets downloaded after successfully logging in and downloading the client via web portal.

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349

Hi, in the connect To box there is the public IP of the ASA, so I think it might be correct. Then appears an Untrusted VPN Certificate warning, and after clicking "Connect Anyway" it shows the error.

I have the anyconnect-win-3.1.04063-k9.pkg client software, should I try a lower version?

Maybe I'll try to create the certificate through a Windows Server CA and then import to ASA and to the client, so see if it solves the issue...

Hi,

First try this.  Open the AnyConnect Client, go to the Preferrences tab, and make sure the box that says "Block Untrusted Servers" is NOT checked. 

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Hi Christopher, that was the first I have to do in order to be able to connect when I connect to the VPN (through the web) for the first time. So I can confirm it is unchecked.

Thanks for the advice

Do you have access to ASDM or a syslog server?  It would be best if you could grab the exact error message in the logs when you try to connect. 

Also, if you are using ASDM - make sure you have "Enable Cisco AnyConnect VPN Client Access on the intefaces in the table below" checked.  Assuming you are using the "outside" interface, check that one and enable DTLS.  Then click "Device Certificate" and make sure you have the correct certificate chosen for the SSL connection (probably the ASAs self signed certificate". 

Make sure "Bypass interface access lists for inbound VPN sessions" is checked as well. 

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Well I think I found the trouble.

The point is that I'm not using the default port for HTTPS and DTLS.

When I connected to the VPN through the portal, the Connected to box showed my outside IP, so when I disconnect, I try to connect to the same IP and then fails.

What solved my issue was to add the port to the Connect to box, so now I'm able to connect to the vpn directly from the client using IP:port.

Thanks for your help!

Glad you worked it out.  Please consider marking as answered and rating helpful post so this can be useful to others who may run into the same issues.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Banji
Level 1
Level 1

I don't know who still has this issue in 2020 but I recently had to deal with the same error message and I tried different solutions I could find online but none worked.

What eventually worked - days of troublehooting later was, that I uninstalled Cisco AnyConnect and deleted any associating residual folders and files from my Local Disk and Registry - I understand uninstalling an program alone won't remove these files, so you have to do it manually or use a third party app that does the job of uninstalling and cleaning out traces of the App. After deleting any and every Cisco files and folders I could find (including those in hidden folders), I went on to reinstall a new version of Cisco AnyConnect and voila! it worked.

I hope this helps someone out there.

Cheers!

SanjanaPai07668
Level 1
Level 1

If your issue is "hotscan csd prelogin verification failed" ,here's the easiest solution:

 

Type "Services" in search,find and click on Cisco Anyconnect->Restart( on the left side)

 

After that, open the command prompt and type the following one after the other:

  • netsh winsock reset
  • netsh int ip reset
  • ipconfig /release
  • ipconfig /renew
  • ipconfig /flushdns
  • gpupdate /force

Now restart the system and your VPN should work fine.

a_mohammadreza
Level 1
Level 1

Hello my friend I am communicating with you from Iran I was using Any Connect software to bypass Iran's filtering, but this software was filtered by Iran and my connection with the global Internet was closed. How can I get your help to reconnect this software with the global Internet  Regarding  Any Connect not being connected, when it reaches the part to enter the password, the software is disconnected and the continuation of work is lost, and I think the ports related to DTLS and TLS, which allow authentication, are closed. Can I get help from Cisco to solve this problem? Is it possible to make changes inside  Any Connect software? Thanks for helping me solve this problem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: