Anyconnect Errors

Peter Miller
Level 1

Hey all,

I have set up an SSL-VPN using my 2811 and I am getting this error with my PC, no matter what location I am at (work, public Wi-Fi, friend's house):

"The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser."

I am using AnyConnect version 4.2 clients. HERE is the weird part: I have the mobile app installed on my phone and it works without a hitch every time. Attached is my config for review: http://pastebin.com/fVQ6Q5gq

Please any help or questions to get to the bottom of my goof up would be GREATLY appreciated!


pcarco
Cisco Employee

Hello,

I don't focus on the IOS routers as headends - mainly AnyConnect/ASA/ISE - but let's see if we can figure this out.

Click on the gear symbol and go to the Preferences for the VPN module and disable captive portal just as a quick test.

[Attached image: captive portal.png]

Thank you so much for the response.  I unchecked the box and now it looks like it is trying and getting further.  Here are the logs:

     3:41:59 PM    Ready to connect.

     3:42:04 PM    Contacting <DOMAIN>.

     3:42:28 PM    User credentials entered.

     3:42:29 PM    Establishing VPN session...

     3:42:30 PM    The AnyConnect Downloader is performing update checks...

     3:42:30 PM    Checking for profile updates...

     3:42:30 PM    Checking for product updates...

     3:42:47 PM    Checking for customization updates...

     3:42:47 PM    Performing any required updates...

     3:42:47 PM    The AnyConnect Downloader updates have been completed.

     3:42:47 PM    Establishing VPN session...

     3:42:47 PM    Establishing VPN - Initiating connection...

     3:42:47 PM    The VPN client failed to establish a connection.

     3:42:47 PM    AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

     3:42:47 PM    Ready to connect.

Hello,

OK, that is much better - not clear why the headend is rejecting your session. Please run the Diagnostics and provide the output. You can run Diagnostics by again clicking on the gear symbol and you should see a button to run it.

[Attached image: DART.png]

I had to install the DART package but I got the output.  Here is the link:

https://shareSync.serverdata.net/web/s/klSKFfTd0hhQF6O2xtYtWb

Taking a look. I see in your IOS configuration that it's configured to use AnyConnect 3.1.03103 - does this version work?

I am looking to see if there is a compatibility issue with your IOS version and AnyConnect 4.2.01035 which you are attempting to use.

I just upgraded my client to the 4.2 client to see if it was a bug with the 3.1 version.  Both versions show the same results.  I am currently using the 4.2 version.

Hello Peter,

We spoke to a PM for the IOS routers and got the following response:

"As for 2811, it is a part of the older generation ISR-G1 routers that have already been eol-ed for quite some time now.

AC 4.x client has not been tested with these platforms. I would recommend going with the ISR-G2 equivalent (2911)."

The 3.1 client should work and I would recommend opening up a TAC case to get some more in-depth troubleshooting done. Note that Plus/Apex licensing is legally required regardless of the head-end chosen, so when opening the case for 4.x you will have to show entitlement, but again it has never been tested on the 2811.

Sorry we couldn't solve the issue here for you.

Best regards,

Paul

I downgraded to my earlier 3.1 client to confirm and that version doesn't seem to have the ability to Disable Captive Portal Detection. I also can't open a TAC case as I am not under a contract. :/ I am a college student trying to set this up.

If there are any more steps I can try I will gladly attempt, just not sure what I am doing wrong, the error is very vague :/

Hello Peter,

Can you run the diagnostics on the 3.1 client also and upload as you did for the 4.1 version and I will take a look.

"Try to satisfy requirements documented in the False Captive Portal Detection section of Configuring VPN Access chapter in AnyConnect 3.1 Cisco AnyConnect Secure Mobility Client Administrator Guide.

Use the following workaround if you have "ip http server" enabled on IOS headend and AnyConnect falsely detects presence of captive portal:

ip http access-class

and configure ACL in such a way that only trusted hosts are allowed and endpoint with AnyConnect is denied."

Also have a look in the meantime at these documents.

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1 - Configuring VPN Access [Cisco AnyConnect Secu…

I will be reading through this asap, but in the meantime here are the logs: https://shareSync.serverdata.net/web/s/TYIFGEcjrvAveyV_7XnG6C
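
The workaround quoted earlier in this thread (restrict the IOS HTTP server with `ip http access-class` so that trusted hosts are allowed and the AnyConnect endpoint is denied) can be checked against a saved running-config. The following Python check is an added example, not part of any post in the thread and not Cisco code; the sample config, the addresses and the function names are constructed for illustration, and it assumes a numbered standard ACL that is actually defined in the config.

```python
import ipaddress
import re

# Constructed sample (not the poster's pastebin config); documentation-range addresses.
SAMPLE_CONFIG = """\
ip http server
ip http access-class 10
access-list 10 permit 192.0.2.10
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 10 deny any
"""

def _matches(src, wildcard, client):
    """Standard-ACL comparison: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src)) & care == int(ipaddress.IPv4Address(client)) & care

def acl_permits(config, acl, client):
    """First matching entry wins; a defined ACL ends with an implicit deny."""
    for line in config.splitlines():
        m = re.match(rf"\s*access-list {acl} (permit|deny) (.+)", line)
        if not m:
            continue
        action, spec = m.group(1), m.group(2).split()
        if spec[0] == "any":
            src, wc = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            src, wc = spec[1], "0.0.0.0"
        else:  # "addr" alone is a single host; "addr wildcard" is a range
            has_wc = len(spec) > 1 and spec[1][0].isdigit()
            src, wc = spec[0], spec[1] if has_wc else "0.0.0.0"
        if _matches(src, wc, client):
            return action == "permit"
    return False

def http_server_reachable(config, client):
    """True if the IOS HTTP server would answer `client` (what the workaround prevents)."""
    lines = [l.strip() for l in config.splitlines()]
    if "ip http server" not in lines:
        return False  # disabled or absent: nothing answers on plain HTTP
    for l in lines:
        m = re.match(r"ip http access-class (?:ipv4 )?(\d+)$", l)
        if m:
            return acl_permits(config, m.group(1), client)
    return True  # enabled with no access-class: every host gets a reply
```

Run `http_server_reachable(config_text, client_ip)` with the address the AnyConnect endpoint connects from; a result of `True` means the HTTP server still answers that endpoint, the condition the quoted workaround ties to false captive portal detection.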