Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
45000
Views
0
Helpful
2
Replies

Connectivity Issue with AnyConnect and 8.32

estadlercisco
Level 1
Level 1

‎02-17-2011 07:15 AM - edited ‎02-21-2020 05:10 PM

I just upgraded our firewall from 8.23 to 8.32

for full Windows 7 IE8 support with the SSL Clientless VPN connection. I have a problem with users when they try and connect over a Verizon air-card. At first it functions normally, then the user gets kicked and the message below appears.

The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.

Any direction would be much appreciated, this just started happening after the upgrade. I attahced the output.

2 people had this problem
Labels:
Preview file
27 KB
0 Helpful
2 Replies 2

Shilpa Gupta
Cisco Employee
Cisco Employee

‎02-17-2011 07:33 AM

Many facilities that offer Wi-Fi and wired access, such as airports,  coffee shops, and hotels, require the user to pay before obtaining  access, agree to abide by an acceptable use policy, or both. These  facilities use a technique called captive portal to prevent applications from connecting until the user opens a browser and accepts the conditions for access.

AnyConnect displays the Unable to contact  VPN server message on the GUI if it cannot connect, regardless of the  cause. If a captive portal is not present, AnyConnect continues to  attempt to connect to the VPN and updates the status message  accordingly.

If always-on VPN is enabled, the connect failure policy is closed,  captive portal remediation is disabled, and AnyConnect detects the  presence of a captive portal, the AnyConnect GUI displays the following  message once per connection and once per reconnect:

The service provider in your current location is restricting access to the Internet. 
The AnyConnect protection settings must be lowered for you to log on with the service 
provider. Your current enterprise security policy does not allow this.

If AnyConnect detects the presence of a captive portal and the  AnyConnect configuration differs from that described above, the  AnyConnect GUI displays the following message once per connection and  once per reconnect:

The service provider in your current location is restricting access to the Internet. 
You need to log on with the service provider before you can establish a VPN session. 
You can try this by visiting any website with your browser.

You can check the following links for reference:-

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/release/notes/anyconnect25rn.html#wp1077292

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1262689

I hope it helps.

0 Helpful

Przemyslaw Konitz
Level 1
Level 1

‎11-13-2012 12:43 AM

its an old topic but FYI

I had a similar issue (8.4.5, anyconnect 3.1). On our site we don't have any captive portal but still the same message was being displayed. AnyConnect clients were connecting to port 4443, I changed it to normal https and everything started to work ok.

regards

0 Helpful
Customers Also Viewed These Support Documents