cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
81600
Views
5
Helpful
8
Replies

unauthorized connection mechanism

frfaber
Level 1
Level 1

Hi,

I have a Cisco 5520 cluster and Cisco Anyconnect Secure Mobility Client 3.0.5080. I eventually want to connact by means of a Smard Card and I was able to connect a view weeks ago. Now I am hastled by the error Logon denied, unauthorized connection mechanism, contact your administrator.
Well that's me and a do not know anymore where to look on the Asa. I thought it had something to do with the authentication method, but AAA (AD or Local), nor cetificates is now working.

Cisco's solution...:

Error: "Login Denied , unauthorized connection mechanism , contact your administrator"

AnyConnect clients are failing to connect to a Cisco ASA. The error in the AnyConnect window is "Login Denied , unauthorized connection mechanism , contact your administrator".

Solution

This error message occurs mostly because of configuration issues that  are improper or an incomplete configuration. Check the configuration  and make sure it is as required to resolve the issue.

Does not help quite. Please help.

Thanks

Frank

8 Replies 8

Geert Veen
Level 1
Level 1

Found the cause. There was a certificate mapping pointing to a Clientless SSL VPN connection profile. That, ofcourse, does not match with the SSL VPN mechanism used with Anyconnect.

I just had this frustration and it was due to no attributes on the local user account, simply remove the attributes option for the username. 

conf t

no username <username> attributes

kpanduric
Level 1
Level 1

You get this error if VPN tunnel protocol not specified correctly, on ASA 8.4:

# vpn-tunnel-protocol ?

group-policy mode commands/options:
ikev1           IKE version 1
ikev2           IKE version 2
l2tp-ipsec      L2TP using IPSec for security
ssl-client      SSL VPN Client
ssl-clientless  SSL Clientless VPN

flawless114
Level 1
Level 1

Whenever I see this error, it usually fixes itself after about 2 hours. Is there a quicker way to fix this? The Cisco "solution" below makes no sense. The 2nd sentence doesn't even sound like it's written in English.

Solution

This error message occurs mostly because of configuration issues that are improper or an incomplete configuration. Check the configuration and make sure it is as required to resolve the issue

1) This error also occurs when we Anyconnect asks to enter username password and after writing password we make ENTER on password Windows. Instead of hitting on "ENTER" in password window, we should click "OK" after entering username password in anyconnect authentication window.

2) If you are making local authentication, then on ASA go to local users, select the user created for Anyconnect/Clientless, change its password. While changing password same password may be given.

 

MATTHEW EVANS
Level 1
Level 1

I had the same problem today after setting up a Dynamic Access Policy for AnyConnect VPN users.  From the ASDM I added the Access Method of "Both-Default-Web-Portal" to my Dynamic Access Policy (DAP) and was able to connect again from the AnyConnect client. 

The commands that were changed were the following:

dynamic-access-policy-record RemoteAccessUsers

webvpn

svc ask enable default webvpn

Todd Killian
Level 1
Level 1

I had this problem too.  I had made some changes on the previous day, I somehow deleted the group-policy from the tunnel-group.  Once I applied the group policy it started working again.  

AshiqHussain
Level 1
Level 1

1) This error also occurs when we Anyconnect asks to enter username password and after writing password we make ENTER on password Windows. Instead of hitting on "ENTER" in password window, we should click "OK" after entering username password in anyconnect authentication window.

2) If you are making local authentication, then on ASA go to local users, select the user created for Anyconnect/Clientless, change its password. While changing password same password may be given.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: