AnyConnect IOS authorization

Hello! Please help me with my problem.

Environment Details:

Cisco 2811 IOS Version 12.4(24)T7

Anyconnect  win-3.1.02040

When I connect through webvpn it's all OK, but when I connect through Anyconnect win-3.1.02040 it does not connect, and I get the message "AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." On Ubuntu it works.

I based the config on the article http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml

aaa new-model

!

!

aaa authentication login default local

aaa authentication login VPN_list local

aaa authorization exec default local

aaa accounting update periodic 1

!

!

aaa session-id common

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

!

!

crypto pki trustpoint TP-self-signed-3468458299

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3468458299

revocation-check none

rsakeypair TP-self-signed-3468458299

!

username test privilege 0 password 7 0835495D1D

archive

log config

  hidekeys

!

!

interface FastEthernet0/0

description VPN

ip address 10.58.12.55 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address XXX.XXX.XXX.XXX 255.255.255.192

duplex auto

speed auto

!

ip local pool VPN_pool 192.168.1.10 192.168.1.20

ip default-gateway XXX.XXX.XXX.XXX

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 213.130.21.65

ip route 10.58.0.0 255.255.0.0 10.58.12.1

ip http server

ip http authentication local

ip http secure-server

!

webvpn gateway VPN_GW

ip address XXX.XXX.XXX.XXX port 443

http-redirect port 80

ssl encryption 3des-sha1

ssl trustpoint TP-self-signed-3468458299

logging enable

inservice

!

webvpn install svc flash:/webvpn/anyconnect-win-3.1.02040-k9.pkg sequence 1

!

webvpn context VPN_context

logo file flash:/logo.gif

secondary-color green

title-color #CCCC66

text-color black

ssl authenticate verify all

!

!

!

policy group policy_1

   functions svc-enabled

   svc address-pool "VPN_pool"

   svc keep-client-installed

   svc split include 2.2.2.0 255.255.255.0

   svc dns-server primary 10.58.8.131

default-group-policy policy_1

aaa authentication list VPN_list

gateway VPN_GW

max-users 10

inservice

!

end

I seriously thought that on IOS AnyConnect might work only from the web. Please help me!

Thanks,

Alexander



2 Replies

Michael Muenz
Level 5
Please check if the destination of AnyConnect is in trusted sites and also if the local LAN and VPN pool don't overlap.

Michael

Please rate all helpful posts

If you are referring to the client refusing to trust the destination, then in this case check to see whether your client has an option under Preferences for "Block untrusted server". If yes, then uncheck it and try again. This issue is seen if your firewall is using a self-signed cert and/or the public key is not in your PC cert store.

Sent from Cisco Technical Support iPhone App
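The overlap check suggested in the first reply, as an added example that is not part of the original thread: the script reads the `ip local pool` and `svc split include` lines from the posted configuration and reports which of them collide with a client's local LAN. The client LAN values and the function names are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample: the two relevant lines from the configuration posted above.
IOS_CONFIG = """\
ip local pool VPN_pool 192.168.1.10 192.168.1.20
   svc split include 2.2.2.0 255.255.255.0
"""

POOL_RE = re.compile(r"^\s*ip local pool (\S+) (\S+) (\S+)\s*$", re.M)
SPLIT_RE = re.compile(r"^\s*svc split include (\S+) (\S+)\s*$", re.M)


def vpn_networks(config):
    """Return {label: [ip_network, ...]} for every pool and split-include route."""
    found = {}
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A pool is a first-last range; express it as the CIDR blocks covering it.
        found["pool " + name] = list(ipaddress.summarize_address_range(lo, hi))
    for net, mask in SPLIT_RE.findall(config):
        found["split include " + net] = [ipaddress.ip_network(f"{net}/{mask}")]
    return found


def overlaps(config, client_lan):
    """List the labels whose addresses fall inside the client's local LAN."""
    lan = ipaddress.ip_network(client_lan)
    return sorted(label for label, nets in vpn_networks(config).items()
                  if any(n.overlaps(lan) for n in nets))


if __name__ == "__main__":
    # Assumed client LANs (hypothetical values, not taken from the thread).
    for lan in ("192.168.1.0/24", "192.168.0.0/24", "10.0.0.0/8"):
        print(lan, "->", overlaps(IOS_CONFIG, lan) or "no overlap")
```

A client sitting on 192.168.1.0/24 is flagged against `VPN_pool`, which is the overlap condition the first reply asks to rule out.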