06-13-2012 05:44 AM
Hi,
I have a Cisco 5520 cluster and Cisco Anyconnect Secure Mobility Client 3.0.5080. I eventually want to connact by means of a Smard Card and I was able to connect a view weeks ago. Now I am hastled by the error Logon denied, unauthorized connection mechanism, contact your administrator.
Well that's me and a do not know anymore where to look on the Asa. I thought it had something to do with the authentication method, but AAA (AD or Local), nor cetificates is now working.
Cisco's solution...:
AnyConnect clients are failing to connect to a Cisco ASA. The error in the AnyConnect window is "Login Denied , unauthorized connection mechanism , contact your administrator".
This error message occurs mostly because of configuration issues that are improper or an incomplete configuration. Check the configuration and make sure it is as required to resolve the issue.
Does not help quite. Please help.
Thanks
Frank
06-14-2012 02:59 AM
Found the cause. There was a certificate mapping pointing to a Clientless SSL VPN connection profile. That, ofcourse, does not match with the SSL VPN mechanism used with Anyconnect.
12-19-2016 02:06 AM
I just had this frustration and it was due to no attributes on the local user account, simply remove the attributes option for the username.
conf t
no username <username> attributes
12-14-2012 05:23 AM
You get this error if VPN tunnel protocol not specified correctly, on ASA 8.4:
# vpn-tunnel-protocol ?
group-policy mode commands/options:
ikev1 IKE version 1
ikev2 IKE version 2
l2tp-ipsec L2TP using IPSec for security
ssl-client SSL VPN Client
ssl-clientless SSL Clientless VPN
05-22-2013 07:53 AM
Whenever I see this error, it usually fixes itself after about 2 hours. Is there a quicker way to fix this? The Cisco "solution" below makes no sense. The 2nd sentence doesn't even sound like it's written in English.
This error message occurs mostly because of configuration issues that are improper or an incomplete configuration. Check the configuration and make sure it is as required to resolve the issue
01-05-2020 01:47 AM
1) This error also occurs when we Anyconnect asks to enter username password and after writing password we make ENTER on password Windows. Instead of hitting on "ENTER" in password window, we should click "OK" after entering username password in anyconnect authentication window.
2) If you are making local authentication, then on ASA go to local users, select the user created for Anyconnect/Clientless, change its password. While changing password same password may be given.
09-24-2013 09:04 AM
I had the same problem today after setting up a Dynamic Access Policy for AnyConnect VPN users. From the ASDM I added the Access Method of "Both-Default-Web-Portal" to my Dynamic Access Policy (DAP) and was able to connect again from the AnyConnect client.
The commands that were changed were the following:
dynamic-access-policy-record RemoteAccessUsers
webvpn
svc ask enable default webvpn
07-31-2017 07:59 AM
I had this problem too. I had made some changes on the previous day, I somehow deleted the group-policy from the tunnel-group. Once I applied the group policy it started working again.
01-05-2020 01:45 AM
1) This error also occurs when we Anyconnect asks to enter username password and after writing password we make ENTER on password Windows. Instead of hitting on "ENTER" in password window, we should click "OK" after entering username password in anyconnect authentication window.
2) If you are making local authentication, then on ASA go to local users, select the user created for Anyconnect/Clientless, change its password. While changing password same password may be given.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide