cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19402
Views
0
Helpful
2
Replies

AnyConnect Profile connection problems

jensscheuvens
Level 1
Level 1

Hello Together,

first of all the Setup we are using:

  • Cisco ASA ASA5512 Software Version 9.4(3)8 (ASDM 761)
  • AnyConnect  3.0.11042
  • Certificate and AAA authentification

If I store the AnyConnect- Profile manually to this location "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile" everything works fine. The client is going to get connected, authenticated and access to internal ressources is possible.

If I delete the profile from the client it will not work. Normally I would expect the client downloading the profile from the ASA or am I not right?

Error: "Could not connect to server. Please verify Internet Connectivity and server address"

This message is quite strange because I am able to reach the ASA via Ping and DNS (and with the profile in place it will work).

I tried to view the ASA`s debug output (debug webvpn anyconnect 255) but nothing appears on this device.

The Profile is configured on the ASA, attached to the associated Group Policy and Hostname of ASA is stored in the file.

So I assume that the ASA will not push updated AnyConnect -Profil onto the Clients.

Is there a parameter on the ASA that I am missing?

Thanks in advance and regards

1 Accepted Solution

Accepted Solutions

bravotom99
Level 1
Level 1

If you delete the profile locally, then anyconnect does not know where to connect to.  You might still see your server entry in the drop down but that is just a cache'd name.  Without the local xml profile, you won't be able to connect.  You could however manually type in the address of the ASA and you should be able to connect.  It will then download the profile loaded on the ASA.

FYI - The cached entry is stored in the local user profile

%localappdata%\cisco\cisco AnyConnect Secure Mobility Client

View solution in original post

2 Replies 2

bravotom99
Level 1
Level 1

If you delete the profile locally, then anyconnect does not know where to connect to.  You might still see your server entry in the drop down but that is just a cache'd name.  Without the local xml profile, you won't be able to connect.  You could however manually type in the address of the ASA and you should be able to connect.  It will then download the profile loaded on the ASA.

FYI - The cached entry is stored in the local user profile

%localappdata%\cisco\cisco AnyConnect Secure Mobility Client

Thanks for your answer.

I did this before and tried to connect over the ASA´s external IP adress. Unfortunately it did not download the profile specified on the ASA.  I am getting the same error.