Cisco Anyconnect Cannot Connect To Secure Gateway

Telework at VA

Telework is governed by VA Handbook 5011/26/31 Part II Chapter 4.
Employees, working with their supervisor, would need to determine telework suitability and eligibility to telework. Once determined telework eligible, the employee would need to fill out VA Form 0740 Telework Agreement and the Telework Notification Letter – Employee Eligible to Telework, and complete Talent Management System (TMS) training as follows:

  • All managers must complete TMS Course VA1366994 — Telework Training Module for Managers.
  • All employees requesting telework must complete
    • TMS Course VA1367006—Telework training module for employees
    • TMS Course VA10176—VA Privacy and Information Security Awareness and Rules of Behavior
    • TMS Course VA10203 Privacy and HIPAA Training

Additional information on telework can be found on the Office of Human Resources Management Telework webpage (only available while on VA's internal network) and OPM’s Telework website.

We have the same problem with AnyConnect, and found two solutions. The easy way is to update to the newest version of Cisco AnyConnect Secure Mobility; the other one is to change the registry as you say, but this is a very slow process. Using Windows 8 Pro, open regedit through the run command.

Mar 31, 2020 Q: What should be done when an attempt to connect to VPN using Cisco AnyConnect generates this message: "AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again." In the Windows Control Panel navigate to Internet.

“Failed to install AnyConnect Secure Mobility Client because the process is running in protected mode and cannot perform an install. The secure gateway must be added to the Trusted Sites Zone in Internet Explorer. A VPN connection cannot be established.” Go to Tools > Internet Options > Security.

Apr 15, 2021 Enable Optimal Gateway Selection (OGS) (IPv4 clients only): AnyConnect identifies and selects which secure gateway is best for connection or reconnection based on the round trip time (RTT), minimizing latency for Internet traffic without user intervention. OGS is not a security feature, and it performs no load balancing between secure.

"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." I tried all the usual troubleshooting steps, including re-installing, upgrading the version and trying the client in a clean install of the OS in a virtual machine.

VA Remote Access

VA Handbook 6500 identifies the compliance requirements for VA remote access users.

VA supports remote access with two different applications: 1. Citrix Access Gateway (CAG) and 2. CISCO RESCUE VPN Client. The Citrix Access Gateway is designed for users who do not have VA Government Furnished Equipment (GFE); CAG is a good option to allow users access to general applications such as email and chat. The CISCO RESCUE VPN Client is only for use on GFE and is installed on all GFE laptops. Users would still need to request remote access and have their remote access accounts enabled for use with either CAG or RESCUE.

You may request remote access by visiting the Remote Access Self Service Portal (only available while on VA's internal network).

Please note that the Self-Service Portal is only accessible from within the VA network; it is not externally accessible. If you require technical support, please reference the FAQs and other supporting documentation found at https://raportal.vpn.va.gov or contact the Enterprise Service Desk at (855) 673-4357.

Software, supporting documentation, FAQs and general information are hosted at the VA’s Remote Access Information and Media Portal. Please ensure you have Transport Layer Security (TLS) 1.1 enabled on your web browser before attempting to access this site. To enable TLS within Internet Explorer: Select ‘Tools’, then ‘Internet Options’, then the ‘Advanced’ tab. Enable the checkbox for ‘Use TLS 1.1’ (found towards the end of the list).

See

How do users or facilities request equipment if they require VPN access?

  1. Click the “Your IT” icon on your desktop or go to YourIT Services (only available while on the VA’s internal network)
  2. Click “Make a Request”
  3. Click “Computer Services,” under categories
  4. Click on “OIT Equipment and Software”
  5. Complete all required fields.
  6. Tag the request for COVID in the “Justification” field

If you do not require VPN, use the CAG process.

Cisco Anyconnect Could Not Connect To Secure Gateway


Date: Oct 10, 2013
By: Mike Khzouz ([email protected])
Scenario:
When using the Linux Cisco AnyConnect client x64 (like MAC, Ubuntu, Redhat RHEL and Debian) you might get the error above, or if you connect through the command line you might get the following errors:
Resolution:
1- Before you start troubleshooting the issue on the client side, make sure SSL certificates are installed and configured properly on the ASA. Go to http://www.digicert.com/help/ and test your server SSL certificate; if you see any issues, talk to your system admin to fix them. In addition to your company SSL certificate, the intermediate certificate from the SSL provider needs to be installed on the ASA too, and that web tool can show you any issues in that regard (a missing intermediate cert is a common issue).
2- Important: Upgrade to the latest Cisco AnyConnect client. You can download it from the Cisco TAC site, but you need a username and a password. The latest version of AnyConnect as of this article is 3.1.04066.
3- In one of the cases the Cisco ASA had a Go Daddy SSL certificate. Copying the Go Daddy certificate from the Linux SSL certificate folder to the Cisco SSL certificate folder on the Linux machine forced AnyConnect to trust that certificate.
sudo cp /etc/ssl/certs/Go* /opt/.cisco/certificates/ca/
If you are using a different 3rd party SSL certificate on the ASA, then you need to copy that certificate the same way.
You can also copy all the certificates from /etc/ssl/certs/ to /opt/.cisco/certificates/ca/ if you are not sure what certificate you are using.
If you get this error in Windows, make sure you stop the Internet Sharing service in Windows services.
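
Steps 1 and 3 can be checked from the Linux client with openssl. The script below is an added example, not part of the original article: it saves the chain the gateway presents and copies only the CA that issued it, rather than a wildcard or the whole store. The gateway name vpn.example.com and the function names are assumptions, and it expects one certificate per .pem file in the CA directory, as on Debian and Ubuntu.

```sh
#!/bin/sh
# Added example, not from the original article. Assumed names: the
# placeholder gateway vpn.example.com and every function name below.

# Save every certificate the gateway presents (leaf first) as PEM.
fetch_chain() {            # usage: fetch_chain host:port out.pem
    openssl s_client -connect "$1" -servername "${1%%:*}" -showcerts \
        </dev/null 2>/dev/null |
        sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >"$2"
}

# Print the last (top-most) certificate of a PEM chain file.
top_cert() {               # usage: top_cert chain.pem
    awk '/-BEGIN CERTIFICATE-/ {buf = ""}
         {buf = buf $0 "\n"}
         /-END CERTIFICATE-/ {last = buf}
         END {printf "%s", last}' "$1"
}

# Print the first *.pem in ca_dir that issued the top of the chain: its
# subject must equal the issuer name and its key must verify the signature.
find_issuer_ca() {         # usage: find_issuer_ca chain.pem ca_dir
    top=$(mktemp) || return 2
    top_cert "$1" >"$top"
    want=$(openssl x509 -noout -issuer_hash -in "$top" 2>/dev/null) || want=""
    rc=1                   # 1 = no issuing CA in ca_dir
    for ca in "$2"/*.pem; do
        [ -n "$want" ] && [ -f "$ca" ] || continue
        have=$(openssl x509 -noout -subject_hash -in "$ca" 2>/dev/null) || continue
        [ "$have" = "$want" ] || continue
        if openssl verify -partial_chain -no-CApath -CAfile "$ca" "$top" \
            >/dev/null 2>&1; then
            printf '%s\n' "$ca"; rc=0; break
        fi
    done
    rm -f "$top"
    return $rc
}

# Copy only the issuing CA into dest_dir instead of a wildcard copy.
install_issuer_ca() {      # usage: install_issuer_ca chain.pem ca_dir dest_dir
    ca=$(find_issuer_ca "$1" "$2") || {
        echo "no CA in $2 issued the top of $1; if the gateway sent only" \
             "its own certificate, the ASA lacks the intermediate" >&2
        return 1
    }
    cp "$ca" "$3"/ && printf '%s\n' "$3/$(basename "$ca")"
}
```

On the client, source the script, run `fetch_chain vpn.example.com:443 /tmp/gw.pem`, then as root run `install_issuer_ca /tmp/gw.pem /etc/ssl/certs /opt/.cisco/certificates/ca`. A chain file holding a single certificate whose issuer is not in the system store points back to step 1: the ASA is not sending its intermediate.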