04-22-2020 04:27 PM
Have been attempting to get AnyConnect client to connect to a Cisco 4431 using the Cisco doc for IKEv2.
I am now stuck at a point where my Android mobile with AnyConnect seems to authenticate ok but laptops with the client fail to establish. I'm getting "The VPN client failed to establish a connection". It feels so close and the fact that the client is working is positive.
isr4400-universalk9.16.09.05.SPA.bin
Installed a valid GoDaddy cert on the router
WIN10 Pro laptop
Anyconnect 4.8.03036
Disable Captive Portal Detection
<BypassDownloader>true</BypassDownloader> - I have manually added the line to the xml file because I did not see an option in the Profile Editor (not sure if there is a specific location it needs to be?)
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<BypassDownloader>true</BypassDownloader>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
.....
I am trying to review the debugs. When I compare the working Android client debug to the laptop, they are almost identical until the end. I see a couple of items that might be clues:
DELETE Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, num of spi: 0
Apr 22 18:14:31.519: IKEv2-INTERNAL:Parse Notify Payload: DELETE_REASON
Apr 22 18:14:31.519: IKEv2-INTERNAL:Delete Reason received with error code:IKEV2_DELETE_GENERAL_ERROR severity:ERROR
NOTIFY(DELETE_REASON) Next payload: NONE, reserved: 0x0, length: 16
Any thoughts on possible things to try or check?
Cheers,
~M
04-23-2020 01:27 AM
Hi,
It looks like you've modified the wrong profile.
You use the application "AnyConnect Profile Editor - VPN Local Policy" which looks like this....
save the file as AnyConnectLocalPolicy.xml to C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client
HTH
04-23-2020 09:22 AM
Thank-you RJI.
You are totally correct. I was focusing on the xml profile I had created not the AnyConnectLocalPolicy.xml file under C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client. The client is now connecting!
Thx again
Cheers,
~M
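An added example, not part of the thread and not Cisco tooling: a Python check for the fix in the accepted answer, reporting when BypassDownloader sits in the VPN profile instead of AnyConnectLocalPolicy.xml, or when either file is not well-formed XML. The sample documents are constructed, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

SETTING = "BypassDownloader"

def _name(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def find_setting(xml_text):
    """Return (root element name, setting value or None); ValueError if malformed."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML ({exc})") from exc
    value = None
    for el in root.iter():
        if _name(el.tag) == SETTING:
            value = (el.text or "").strip().lower()
    return _name(root.tag), value

def audit(vpn_profile_xml, local_policy_xml):
    """Return findings; an empty list means the setting sits only in the local policy."""
    findings = []
    try:
        if find_setting(vpn_profile_xml)[1] is not None:
            findings.append(f"VPN profile: {SETTING} is misplaced, move it to AnyConnectLocalPolicy.xml")
    except ValueError as exc:
        findings.append(f"VPN profile: {exc}")
    try:
        root, value = find_setting(local_policy_xml)
        if root != "AnyConnectLocalPolicy":
            findings.append(f"local policy: unexpected root element <{root}>")
        if value != "true":
            findings.append(f"local policy: {SETTING} is {value!r}, expected 'true'")
    except ValueError as exc:
        findings.append(f"local policy: {exc}")
    return findings

# Constructed sample documents (not taken from a real device or client).
NS = 'xmlns="http://schemas.xmlsoap.org/encoding/"'
INIT = "<ClientInitialization>{}</ClientInitialization>"
CLEAN_PROFILE = f"<AnyConnectProfile {NS}>{INIT.format('')}</AnyConnectProfile>"
MISPLACED_PROFILE = f"<AnyConnectProfile {NS}>{INIT.format('<BypassDownloader>true</BypassDownloader>')}</AnyConnectProfile>"
BROKEN_PROFILE = MISPLACED_PROFILE.replace("</BypassDownloader>", "</BypassDownloader")  # unclosed tag
POLICY_TRUE = f"<AnyConnectLocalPolicy {NS}><BypassDownloader>true</BypassDownloader></AnyConnectLocalPolicy>"
POLICY_FALSE = POLICY_TRUE.replace("true", "false")

if __name__ == "__main__":
    for finding in audit(MISPLACED_PROFILE, POLICY_FALSE):
        print(finding)
```

To run it against a real client, read the two files from disk and pass their contents to `audit`.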