
SSL VPN Cisco AnyConnect issue


Hi,


I have an issue with my SSL VPN Cisco AnyConnect to the DMZ. It is shown as below:

"the secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway . No assigned address ".

Please help or recommend the best solution for fixing it.

mail personal email : 

Hope to receive good news from all of you.

Many thanks !



21 Replies

Hello @Rob Ingram ,


I have tested and users connecting to the VPN are OK; they can access the internet and ping hosts in the DMZ, but they cannot ping the IP of the DMZ interface.

Could you guide me to the best solution for this case?

Example: a user can ping (server in DMZ) but cannot ping the IP address of the DMZ interface.

Regards !


The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface. The exception to this is if coming over a VPN, in which case you can configure the `management-access <interface name>` command. This will also permit management of the device using SSH, SNMP and HTTP.





Hello @Rob Ingram


Thanks for your reference, it's done now, but after considering security we are only testing and will not leave this command in our ASA. But now I have one more case:

We will use an LDAP server as primary authentication for SSL VPN Cisco AnyConnect, and RADIUS will be used for backup authentication. Does the Cisco firewall support this or not?

Sincerely and regards!



Hi @hoaithanhdo 

No, you can't have RADIUS as a backup for LDAP. The only backup method is local (ASA's local user database).

You should ensure your LDAP servers are resilient and that each LDAP server is configured as a host on the ASA.



Hello @Rob Ingram ,


Thanks for your quick feedback.

I have made a test case: removed a user from all VPN LDAP groups, but the user can still access the VPN now.

I checked with the server admin; they have already removed those users.

Could you guide me on how to check why this problem occurs?

Regards!


Do you have the LDAP NOACCESS group-policy defined? This denies any user that is not part of an LDAP group.
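
The check behind that question, as an added example that is not part of the original replies: a small Python audit that flags any tunnel-group whose default group-policy still admits users with no LDAP group match. It assumes the NOACCESS policy is built the commonly documented way (`vpn-simultaneous-logins 0` plus an LDAP attribute map on `memberOf`); all names and addresses in the sample config are constructed.

```python
import re

# Constructed sample running-config fragment (names and addresses are made up).
BASE = '''\
ldap attribute-map VPN-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" VPN-USERS
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map VPN-MAP
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
group-policy VPN-USERS internal
group-policy VPN-USERS attributes
 vpn-simultaneous-logins 3
tunnel-group SSLVPN general-attributes
 authentication-server-group LDAP-SRV
'''
WEAK = BASE + " default-group-policy VPN-USERS\n"   # unmapped users still get in
FIXED = BASE + " default-group-policy NOACCESS\n"   # unmapped users are denied

def parse(config):
    """Return ({group-policy: logins or None}, {tunnel-group: default policy})."""
    logins, defaults, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):                 # a top-level line opens a section
            m = re.match(r"(group-policy|tunnel-group) (\S+) (?:general-)?attributes$", line.rstrip())
            section = m.groups() if m else None
            if m and m.group(1) == "group-policy":
                logins.setdefault(m.group(2), None)
            if m and m.group(1) == "tunnel-group":   # no explicit default means DfltGrpPolicy
                defaults.setdefault(m.group(2), "DfltGrpPolicy")
            continue
        words = line.split()
        if section and section[0] == "group-policy" and words[:1] == ["vpn-simultaneous-logins"]:
            logins[section[1]] = int(words[1])
        elif section and section[0] == "tunnel-group" and words[:1] == ["default-group-policy"]:
            defaults[section[1]] = words[1]
    return logins, defaults

def fall_through_tunnel_groups(config):
    """Tunnel groups whose default group-policy does not set vpn-simultaneous-logins 0."""
    logins, defaults = parse(config)
    def denies(policy):
        value = logins.get(policy)
        if value is None:                            # unset attributes inherit from DfltGrpPolicy
            value = logins.get("DfltGrpPolicy")
        return value == 0
    return sorted(tg for tg, policy in defaults.items() if not denies(policy))
```

`fall_through_tunnel_groups(WEAK)` reports `SSLVPN`, which matches the symptom in the thread: a user removed from every mapped LDAP group still authenticates and lands in a policy that permits logins.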




Hello @Rob Ingram ,


Thanks so much. This issue is resolved now.

Regards !
