06-15-2017 09:19 AM
I am trying to set up a client VPN with a Cisco 2901. When I connect I get this message "the secure gateway has rejected the connection attempt a new connection attempt to the same or another secure gateway is needed."
I have read that I may not be getting an IP address on the client side. However, if I go to the web browser I can log in and it seems to work, but Cisco AnyConnect doesn't on the client desktop. Can anyone look at my config and see if they see any issues?
Thank you!
Current configuration : 9416 bytes
!
! Last configuration change at 15:45:35 UTC Thu Jun 15 2017 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2901
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login SSLVPN_AAA local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
!
!
!
ip domain name Home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ipv6 unicast-routing
ipv6 dhcp pool Cox
prefix-delegation pool Cox-ipv6
dns-server 2001:4860:4860::8888
dns-server 2001:4860:4860::8844
!
ipv6 inspect name traffic ftp
ipv6 inspect name traffic udp
ipv6 inspect name traffic icmp
ipv6 cef
ipv6 cef accounting per-prefix
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki trustpoint SSLVPN_CERT
enrollment selfsigned
subject-name CN=fdenofa-SSLVPN.home.local
revocation-check crl
rsakeypair SSLVPN_KEYPAIR
!
!
crypto pki certificate chain SSLVPN_CERT
certificate self-signed 03
quit
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn
!
!
vtp domain HARRTISP
vtp mode transparent
username
username
!
redundancy
!
!
!
!
!
ip ssh time-out 70
ip ssh authentication-retries 2
ip ssh version 2
!
class-map type inspect match-any All_Protocols
match protocol tcp
match protocol udp
match protocol icmp
!
policy-map type inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class-default
drop
!
zone security Trusted
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
!
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-3.1.14018-k9.pkg sequence 1
!
!
!
!
buffers tune automatic
!
!
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ipv6 address dhcp
ipv6 address autoconfig default
ipv6 enable
ipv6 nd autoconfig default-route
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd Cox-ipv6
ipv6 verify unicast reverse-path
ipv6 inspect traffic out
ipv6 traffic-filter wan-in in
ipv6 traffic-filter wan-out out
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description LAN
encapsulation dot1Q 1 native
ip address 10.10.1.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
ipv6 address Cox-ipv6 ::/64 eui-64
ipv6 address autoconfig
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server Cox
!
interface GigabitEthernet0/1.2
description Wireless
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
ip access-group wifi_block in
ip access-group wifi_block out
ip nat inside
ip virtual-reassembly in
!
interface Virtual-Template1
ip unnumbered Loopback0
!
ip local pool SSLVPN_POOL 10.10.15.1 10.10.15.5
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static udp 10.10.1.249 1194 interface GigabitEthernet0/0 1194
ip nat inside source static udp 10.10.1.249 1195 interface GigabitEthernet0/0 1195
ip nat inside source static tcp 10.10.1.249 22 interface GigabitEthernet0/0 1022
ip nat inside source static tcp 192.168.2.7 80 interface GigabitEthernet0/0 1080
ip nat inside source static tcp 192.168.2.8 80 interface GigabitEthernet0/0 1081
ip nat inside source static tcp 10.10.1.247 42365 interface GigabitEthernet0/0 42365
ip nat inside source static tcp 10.10.1.247 5500 interface GigabitEthernet0/0 5500
ip nat inside source static tcp 10.10.1.247 5501 interface GigabitEthernet0/0 5501
ip route 10.28.0.0 255.255.255.0 10.10.1.249
ip route 10.29.0.0 255.255.255.0 10.10.1.249
ip route 10.30.0.0 255.255.255.0 10.10.1.249
!
ip access-list extended NAT
deny ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255
permit ip any any
ip access-list extended wifi_block
deny ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255
deny ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
!
ip sla enable reaction-alerts
ip sla auto discovery
ip sla 1
http get http://
frequency 120
ip sla schedule 1 life forever start-time now
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 122 deny tcp any eq 22 any
access-list 122 permit tcp 10.0.0.0 0.255.255.255 any
!
!
snmp-server community fast_stats RO
snmp-server enable traps entity-sensor threshold
snmp-server host 10.10.1.249 version 2c
!
!
!
ipv6 access-list wan-in
permit icmp any any
permit udp any any eq 546
permit tcp any any established
sequence 100 deny ipv6 any any
!
ipv6 access-list wan-out
permit icmp any any
permit tcp any any
permit udp any any
sequence 100 deny ipv6 any any
!
control-plane
!
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
privilege level 15
password
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 122 in
privilege level 15
password
transport input ssh
!
scheduler allocate 20000 1000
!
!
webvpn gateway SSLVPN_GATEWAY
ip interface GigabitEthernet0/0 port 443
http-redirect port 80
ssl trustpoint SSLVPN_CERT
inservice
!
webvpn gateway SSL_GATEWAY
ssl trustpoint SSLVPN_CERT
inservice
!
webvpn context SSL_Context
aaa authentication list SSLVPN_AAA
gateway SSLVPN_GATEWAY
!
ssl authenticate verify all
inservice
!
policy group SSL_POLICY
functions svc-enabled
svc split include acl 1
svc dns-server primary 8.8.8.8
!
!
webvpn context SSL_CONTEXT
virtual-template 1
!
ssl authenticate verify all
inservice
!
policy group SSL_POLICY
functions svc-enabled
default-group-policy SSL_POLICY
!
end