Configure Cisco EasyVPN With Cisco ASA 5500

KB ID 0000337

Problem

Site-to-site VPNs are great for main office to branch office connections, but for remote workers in a SOHO environment, obtaining a static IP address can be expensive and time consuming. Traditionally, remote workers will use either AnyConnect or IPsec remote VPNs.

However, Cisco has a system that lets you have a main site (or sites) with a static IP that acts as the EasyVPN server; remote sites with dynamic (DHCP) IP addresses can then authenticate and connect via a hardware device. That remote hardware device can be another ASA (Note: only the ASA5505 can be used as an EasyVPN client) or a Cisco IOS router. In addition, if you have any old PIX 501 or 506E firewalls lying around, they can also be used as EasyVPN clients.

Solution

Step 1: Set up the EasyVPN server at the main site. (Example on ASA5510)

Step 2: Set up the EasyVPN client at the remote site. (Example on ASA5505)

Before you start: no other VPNs can be running from this remote device, i.e. ISAKMP cannot be enabled on its outside interface.


Cisco AnyConnect Error (iPhone)

KB ID 0000362

Problem

While using the Apple/Cisco AnyConnect app/client, you receive the following error.

Error:

The secure gateway has rejected the agent’s VPN request. A New connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the security gateway: No License.

 

Solution

The most pertinent information above is the last two words of the error message: “No License”.

This DOES NOT mean you have run out of SSL/AnyConnect licences!

The AnyConnect Mobile licence is a “one-off” purchase that enables the feature on your ASA. Be aware that the licence is different for each model, so make sure you purchase the correct one!

AnyConnect Mobile (or AnyConnect for Mobile) licence details can be found on Cisco’s website. Below is the section we are interested in.

Update 2017: Applying a modern AnyConnect (v4) licence will also enable the mobile feature.

Once the correct licences are installed, this is what it SHOULD look like.

 

Related Articles, References, Credits, or External Links

Cisco ASA 5500 – Adding Licenses

Android AnyConnect Error

Android AnyConnect Error

KB ID 0000537

Problem

While using the Android/Cisco AnyConnect app/client, you receive the following error.

Error:

The secure gateway has rejected the agent’s VPN request. A New connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the security gateway: No License.

Solution

The most pertinent information above is the last two words of the error message: “No License”.

This DOES NOT mean you have run out of SSL/AnyConnect licences!

The AnyConnect Mobile licence is a “one-off” purchase that enables the feature on your ASA. Be aware that the licence is different for each model, so make sure you purchase the correct one!

AnyConnect Mobile (or AnyConnect for Mobile) licence details can be found on Cisco’s website. Below is the section we are interested in.

Once the correct licences are installed, this is what it SHOULD look like.

Related Articles, References, Credits, or External Links

Cisco ASA 5500 – Adding Licenses

Cisco AnyConnect Error (iPhone)