I have been successfully able to set up Cisco AnyConnect VPN on ASA 5520 with 8.4 code.

What should be done when an attempt to connect to VPN using Cisco AnyConnect generates this message: "AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again." In the Windows Control Panel navigate to Internet Options (Network and Internet Connections, and then Internet Options).

Apr 11, 2021 Cisco Bug: CSCvs40531 - AnyConnect 4.8 not able to establish RA SSL to ASA/FTD headend.

The secure gateway has rejected the connection attempt. 'The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists. The Following message was received from the secure gateway: Host or network is 0'.
Cisco AnyConnect VPN Client
Date: Oct 10, 2013
By: Mike Khzouz (Mike@bostonIT.com)
Scenario:
When using the Cisco AnyConnect x64 client on Linux (like Mac, Ubuntu, Red Hat RHEL and Debian), you might get the error above, or if you connect through the command line you might get the following errors:
Resolution:
1- Before you start troubleshooting the issue on the client side, make sure SSL certificates are installed and configured properly on the ASA. Go to http://www.digicert.com/help/ and test your server SSL certificate; if you see any issues, talk to your system admin to fix them. In addition to your company SSL certificate, the intermediate certificate from the SSL provider needs to be installed on the ASA too, and that web tool can show you any issues in that regard (a missing intermediate certificate is a common issue).
2- Important: Upgrade to the latest Cisco AnyConnect client. You can download it from the Cisco TAC site, but you need a username and a password. The latest version of AnyConnect as of this article is 3.1.04066.
3- In one of the cases the Cisco ASA had a Go Daddy SSL certificate. Copying the Go Daddy certificate from the Linux SSL certificate folder to the Cisco SSL certificate folder on the Linux machine forced AnyConnect to trust that certificate.
sudo cp /etc/ssl/certs/Go* /opt/.cisco/certificates/ca/
If you are using a different third-party SSL certificate on the ASA, then you need to copy that certificate the same way.
You can also copy all the certificates from /etc/ssl/certs/ to /opt/.cisco/certificates/ca/ if you are not sure what certificate you are using.
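If you are not sure which CA the ASA certificate chains to, the following added example (not part of the original article) finds the file in a CA directory that actually verifies the chain the gateway presents, so that only that file needs to be copied into /opt/.cisco/certificates/ca/. The function names fetch_chain and find_anchor and the host vpn.example.com are illustrative assumptions; it also assumes OpenSSL 1.1.0 or later and one certificate per .pem file, as on Debian and Ubuntu.

```shell
#!/bin/sh
# Added example: identify which CA file anchors the gateway's certificate
# chain, instead of copying every CA into AnyConnect's trust folder.
# Assumes OpenSSL 1.1.0+ (for -no-CApath). Function names are hypothetical.

# fetch_chain HOST OUTFILE
# Save every certificate the gateway sends (leaf first) as PEM. Needs network.
fetch_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$2"
}

# find_anchor CHAIN_PEM CA_DIR
# Print each single-certificate .pem file in CA_DIR that verifies the first
# certificate in CHAIN_PEM. Returns 0 if at least one anchor was found.
# No match usually means the gateway is not sending its intermediate
# certificate, or the issuing CA is not in CA_DIR at all.
find_anchor() {
    chain=$1 ca_dir=$2 found=1
    for ca in "$ca_dir"/*.pem; do
        [ -f "$ca" ] || continue
        # Skip bundles: a file holding many roots would match everything.
        [ "$(grep -c 'BEGIN CERTIFICATE' "$ca")" -eq 1 ] || continue
        # -no-CApath: trust only this candidate, not the system store.
        # -untrusted: let OpenSSL use the intermediates the gateway sent.
        if openssl verify -no-CApath -CAfile "$ca" \
            -untrusted "$chain" "$chain" >/dev/null 2>&1; then
            printf '%s\n' "$ca"
            found=0
        fi
    done
    return "$found"
}

# Usage (vpn.example.com is a placeholder for your gateway):
#   fetch_chain vpn.example.com /tmp/chain.pem
#   find_anchor /tmp/chain.pem /etc/ssl/certs
#   sudo cp <file printed above> /opt/.cisco/certificates/ca/
```

If find_anchor prints nothing, recheck step 1: the ASA is probably not serving its intermediate certificate.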
If you get this error in Windows, make sure you stop the Internet Sharing service in Windows services.