12-13-2017 08:16 AM - edited 03-12-2019 04:49 AM
Hello,
I have configured the SSL VPN by these manuals: SSL VPN, Client Profile. But I still can't connect using AnyConnect Secure Mobility Client 3.0.08057 getting an error:
Failed to download AnyConnect VPN Profile because AnyConnect cannot confirm it is connected to your secure gateway.
The local network may not be trustworthy.
A VPN connection cannot be established.
The Client and ASA are in the same network (just for test). The RADIUS authentication by MS Server is being used. There is the ASA configuration:
Cisco Adaptive Security Appliance Software Version 9.1(7)15
Device Manager Version 7.8(2)151
Compiled on Tue 07-Mar-17 11:12 by builders
System image file is "disk0:/asa917-15-k8.bin"
webvpn enable WAN anyconnect image disk0:/anyconnect-win-3.0.08057-k9.pkg 1 anyconnect image disk0:/anyconnect-macosx-i386-3.0.08057-k9.pkg 2 anyconnect profiles ssl_vpn disk0:/ssl_vpn.xml anyconnect enable tunnel-group-list enable cache disable group-policy DfltGrpPolicy attributes vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless group-policy GroupPolicy_SSL internal group-policy GroupPolicy_SSL attributes wins-server none dns-server value 10.254.1.211 vpn-tunnel-protocol ssl-client default-domain value companytest.company.com webvpn anyconnect profiles value ssl_vpn type user tunnel-group TEST type remote-access tunnel-group TEST general-attributes address-pool test authentication-server-group (WAN) NPS password-management tunnel-group TEST webvpn-attributes group-alias TEST enable tunnel-group SSL type remote-access tunnel-group SSL general-attributes address-pool test authentication-server-group NPS default-group-policy GroupPolicy_SSL tunnel-group SSL webvpn-attributes group-alias SSL enable !
I have imported certificate to the ASA, which was issued by Domain PKI. Also Windows 10 has a root certificate installed.
What I have forgotten?
Thank you in advance!
Solved! Go to Solution.
12-18-2017 06:58 AM
Hi Francesco,
I have deleted the Client Profile, and then I connected successfully. This setting is required if user connects from Terminal Server.
12-15-2017 03:36 PM
12-18-2017 06:58 AM
Hi Francesco,
I have deleted the Client Profile, and then I connected successfully. This setting is required if user connects from Terminal Server.
12-18-2017 07:12 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide