Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
813
Views
1
Helpful
4
Replies

"Login denied, unauthorized connection mechanism, contact your admin"

Go to solution
Chess Norris
Level 4
Level 4

‎11-26-2025 05:21 AM - edited ‎11-26-2025 05:22 AM

Hello,

A customer reports that a newly created remote access VPN user fails to connect successfully and that the user is receiving the following error message: "Login denied, unauthorized connection mechanism, contact your administrator".


The authentication process through Cisco ISE and DUO proceeds normally, including MFA OTP entry, but the connection is denied afterward.

When troubleshooting I noticed that this specific group-policy is not being assigned by ISE as expected, unlike other group-policies.

Anyone have any idea on how I can troubleshoot this issue further?

Thanks

/Chess

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Chess Norris

‎11-26-2025 06:18 AM

@Chess Norris so the user hits the same rules as other user that do receive the group-policy? I assume this user is connecting using the same profile configuration and protocol (ipsec or ssl) as the other working users?

Can you enable the aaa radius debugs, log in as the user and provide the output for review.

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎11-26-2025 05:26 AM

Hi @Chess Norris if the connection is not receiving the correct group-policy, does the connection match all the conditions in the  ISE authorisation rule? Can you provide a screenshot of the ISE rule you expect the connection to match and the output of the live log for the session that failed to receive the correct policy?

0 Helpful

Go to solution
Chess Norris
Level 4
Level 4
In response to Rob Ingram

‎11-26-2025 05:52 AM

@Rob Ingram Yes, the connection seams to match the conditions in the autorization rule and I can see the hitcounts increasing on that specific rules. Here are som screenshots of the rule and from the livelog.

ISE Policy Rule.jpgISE_Livelog_Screenshot 2025-11-26 143121.jpg

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Chess Norris

‎11-26-2025 06:18 AM

@Chess Norris so the user hits the same rules as other user that do receive the group-policy? I assume this user is connecting using the same profile configuration and protocol (ipsec or ssl) as the other working users?

Can you enable the aaa radius debugs, log in as the user and provide the output for review.

Go to solution
Chess Norris
Level 4
Level 4

‎11-26-2025 07:50 AM

I was able to find the issue after enable the radius debug.

The group policy object was created, but it was not added under the Remote Access advanced TAB. Once added there, the group-policy was assigned correctly. 

/Chess

0 Helpful
Customers Also Viewed These Support Documents