KB ID 0001699
Problem
I was assisting a colleague to set up some AnyConnect for a client this afternoon, when all of a sudden I was met with this:
VPN
Logon denied, unauthorised connection mechanism, contact your administrator
Solution
This was a confusing one; I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP. It took me a while to figure out what was going on.
This happens because the GROUP POLICY your AnyConnect PROFILE is using does not have SSL enabled. (This makes no sense, as it was working with LOCAL authentication, but this is how I fixed it.)
You will be using either a specific group policy or the DfltGrpPolicy:
[box]
IF USING THE DEFAULT GROUP POLICY

Petes-ASA(config)# group-policy DfltGrpPolicy attributes
Petes-ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless

IF USING A SPECIFIC GROUP POLICY (Remember to include any that already exist, e.g. l2tp-ipsec)

Petes-ASA(config)# group-policy PNL-GP-ANYCONNECT-ACCESS attributes
Petes-ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless l2tp-ipsec
[/box]
Or, if you really HAVE TO use the ASDM:
Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Select the Group Policy you are using > Edit.
General > More Options > Tick the SSL Options > OK > Apply.
Don’t forget to save your changes! Then try connecting again.
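An added example (not part of the original article): a Python sketch that reads saved `show running-config group-policy` output and builds the `vpn-tunnel-protocol` line for each policy missing the SSL keywords, carrying over whatever protocols are already listed. The sample config and the policy names PNL-GP-OK and PNL-GP-INHERITS are constructed; a policy with no explicit line is skipped on the assumption that it inherits the setting from another policy.

```python
import re

# Keywords the page's fix enables for AnyConnect (taken from the commands above).
REQUIRED = ("ssl-client", "ssl-clientless")

# Constructed sample, shaped like `show running-config group-policy` output.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy PNL-GP-ANYCONNECT-ACCESS internal
group-policy PNL-GP-ANYCONNECT-ACCESS attributes
 dns-server value 192.0.2.10
 vpn-tunnel-protocol l2tp-ipsec
group-policy PNL-GP-OK attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
group-policy PNL-GP-INHERITS attributes
 dns-server value 192.0.2.10
"""

def parse_protocols(config):
    """Map each group policy to its explicit protocol list (None = not set)."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = header.group(1)
            policies.setdefault(current, None)
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the attributes block
        elif current and line.split()[:1] == ["vpn-tunnel-protocol"]:
            policies[current] = line.split()[1:]
    return policies

def fix_commands(config, required=REQUIRED):
    """Return {policy: [commands]} for policies whose explicit list lacks SSL."""
    fixes = {}
    for name, protos in parse_protocols(config).items():
        if protos is None:
            continue  # nothing set here; check the policy it inherits from
        missing = [p for p in required if p not in protos]
        if missing:
            merged = " ".join(protos + missing)  # keep what already exists
            fixes[name] = [f"group-policy {name} attributes",
                           f" vpn-tunnel-protocol {merged}"]
    return fixes

if __name__ == "__main__":
    for cmds in fix_commands(SAMPLE_CONFIG).values():
        print("\n".join(cmds))
```

Review the generated lines before pasting them into the firewall, and drop any existing protocol you no longer want enabled.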