AnyConnect – ‘Your environment does not meet the criteria’

Advertisement

KB ID 0001232 Dtd 25/08/16

Problem

For an existing client, I was setting up a new user. I connected their laptop though my mobile phone and attempted to connect. This is the error I got.

VPN You Environment Does Not Meet Access Criteria

Cisco AnyConnect
Logon denied: Your environment does not meet the access criteria defined by your administrator.

 

Solution

A cursory glance over the firewall config didn’t yield anything in their AAA settings that was odd, they were simply using LDAP for authentication.

I probably should have guessed the answer earlier than I did, (because I’ve written an article on it). But the reason this was failing was, the firewall had a Dynamic Access Policy (DAP) attached to the remote VPN, that only permitted access to users that were in a particular Active Directory group. This user was not a member of that group.

To check your Dynamic Access Policies and understand how to find them, (you need to be in the ASDM!) See the following article;

Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups

 

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *