08-07-2013 09:31 AM - edited 02-21-2020 07:04 PM
Hi all, I'm very new in AnyConnect and I'm doing something wrong.
If I navigate to https://myIP I can successfully log into the portal, download and install the AnyConnect Client and also CONNECT to the VPN.
But if I disconnect to the VPN, and try to login again through the try icon, I get a "connection attempt has failed".
So the only way I have to connect again is to navigate another time to the web portal and then, after login again, the VPN connection is successfully done.
Thanks for your help!
Solved! Go to Solution.
08-09-2013 07:00 AM
Glad you worked it out. Please consider marking as answered and rating helpful post so this can be useful to others who may run into the same issues.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
08-07-2013 10:49 AM
Are you using a Router or ASA has the VPN gateway? If you are using an ASA, check your DAP policy under Configuration, Network (Client) Access, Dynamic Access Policies. If there are policies there, chose the profile that is mapped to the tunnel you are connecting too and then go to "Access Method". Ensure "Web Portal" isn't checked. If you want to be able use the portal and the client, you need to change it to one of the "Both" choices. If there is no DAP, we'll have to dig a little deeper.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
08-08-2013 12:30 AM
Hello Christopher, thanks for your answer.
I'm using an ASA, and in DAP I only have the DfltAccess, and I changed the Access Method from Unchanged to Both, but I have the same problem.
Now I have a question (sorry if it is obvious), using the portal, I provide the login/passwd, but using only the client it doesn't ask me for credentials, it only shows the certificate error (cause it is self-signed), and when I accept it, the connection fails.
Thanks!
08-08-2013 12:58 AM
Hi Jordi,
When you go to login through the AC client, what is in the "Connect To:" box? It may be an issue regarding the AC profile that gets downloaded after successfully logging in and downloading the client via web portal.
Kind Regards, 
 
Kevin 
 
**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.
08-08-2013 02:07 AM
Hi, in the connect To box there is the public IP of the ASA, so I think it might be correct. Then appears an Untrusted VPN Certificate warning, and after clicking "Connect Anyway" it shows the error.
I have the anyconnect-win-3.1.04063-k9.pkg client software, should I try a lower version?
Maybe I'll try to create the certificate through a Windows Server CA and then import to ASA and to the client, so see if it solves the issue...
08-08-2013 04:07 AM
Hi,
First try this. Open the AnyConnect Client, go to the Preferrences tab, and make sure the box that says "Block Untrusted Servers" is NOT checked.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
08-08-2013 04:34 AM
Hi Christopher, that was the first I have to do in order to be able to connect when I connect to the VPN (through the web) for the first time. So I can confirm it is unchecked.
Thanks for the advice
08-08-2013 05:44 AM
Do you have access to ASDM or a syslog server? It would be best if you could grab the exact error message in the logs when you try to connect.
Also, if you are using ASDM - make sure you have "Enable Cisco AnyConnect VPN Client Access on the intefaces in the table below" checked. Assuming you are using the "outside" interface, check that one and enable DTLS. Then click "Device Certificate" and make sure you have the correct certificate chosen for the SSL connection (probably the ASAs self signed certificate".
Make sure "Bypass interface access lists for inbound VPN sessions" is checked as well.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
08-08-2013 10:02 AM
Well I think I found the trouble.
The point is that I'm not using the default port for HTTPS and DTLS.
When I connected to the VPN through the portal, the Connected to box showed my outside IP, so when I disconnect, I try to connect to the same IP and then fails.
What solved my issue was to add the port to the Connect to box, so now I'm able to connect to the vpn directly from the client using IP:port.
Thanks for your help!
08-09-2013 07:00 AM
Glad you worked it out. Please consider marking as answered and rating helpful post so this can be useful to others who may run into the same issues.
If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
08-28-2020 03:11 AM
I don't know who still has this issue in 2020 but I recently had to deal with the same error message and I tried different solutions I could find online but none worked.
What eventually worked - days of troublehooting later was, that I uninstalled Cisco AnyConnect and deleted any associating residual folders and files from my Local Disk and Registry - I understand uninstalling an program alone won't remove these files, so you have to do it manually or use a third party app that does the job of uninstalling and cleaning out traces of the App. After deleting any and every Cisco files and folders I could find (including those in hidden folders), I went on to reinstall a new version of Cisco AnyConnect and voila! it worked.
I hope this helps someone out there.
Cheers!
12-03-2020 11:14 PM
If your issue is "hotscan csd prelogin verification failed" ,here's the easiest solution:
Type "Services" in search,find and click on Cisco Anyconnect->Restart( on the left side)
After that, open the command prompt and type the following one after the other:
Now restart the system and your VPN should work fine.
06-22-2023 03:32 AM
Hello my friend I am communicating with you from Iran I was using Any Connect software to bypass Iran's filtering, but this software was filtered by Iran and my connection with the global Internet was closed. How can I get your help to reconnect this software with the global Internet Regarding Any Connect not being connected, when it reaches the part to enter the password, the software is disconnected and the continuation of work is lost, and I think the ports related to DTLS and TLS, which allow authentication, are closed. Can I get help from Cisco to solve this problem? Is it possible to make changes inside Any Connect software? Thanks for helping me solve this problem
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide