KB ID 0001232
Problem
For an existing client, I was setting up a new user. I connected their laptop through my mobile phone and attempted to connect. This is the error I got:
Cisco AnyConnect
Logon denied: Your environment does not meet the access criteria defined by your administrator.
Solution
A cursory glance over the firewall config didn't yield anything odd in their AAA settings; they were simply using LDAP for authentication.
I probably should have guessed the answer earlier than I did (because I've written an article on it), but the reason this was failing was that the firewall had a Dynamic Access Policy (DAP) attached to the remote VPN that only permitted access to users who were in a particular Active Directory group. This user was not a member of that group.
To check your Dynamic Access Policies and understand how to find them (you need to be in the ASDM!), see the following article:
Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups
Related Articles, References, Credits, or External Links
NA
In my case the AntiVirus was not up to date.
Thanks for the feedback!