Nov 12, 2019. Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure access to network resources. Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices. The error is 'AnyConnect was not able to establish a connection to the specified secure gateway'. If the user disconnects from the mobile broadband service and connects to a typical wireless (or wired) access point, the VPN session is established without any errors.
Cisco Anyconnect Cannot Establish Connection Secure Gateway Connection
Windows Users (macOS users, please scroll to the bottom)
There are a couple of reasons why a Windows user will get the error 'AnyConnect was not able to establish a connection to the specified secure gateway' or 'The VPN client agent was unable to create the interprocess communication depot' while trying to connect using the Software VPN:
- More than 1 user is logged on to the computer at one time or
- ICS (Internet Connection Sharing) is enabled.
Here's how to fix both problems.
More than 1 user is logged on to the computer at one time
Advise the user to restart the computer. This will log off any other users who may be logged on. If the problem persists, read on.
Check to see if ICS (Internet Connection Sharing) is running
- Select the Start button and then select the Control Panel.
- Under the Network and Internet category, select the Network and Sharing Center.
- In the left-hand panel select Change Adapter Settings.
- Right-click the network connection being shared (try the wired/Ethernet adapter connection first and then check the other adapters) and select Properties.
- Select the Sharing tab.
- Uncheck the box to Allow other network users to connect through this computer's connection.
- Select OK.
Additionally, check that the ICS service is not running.
- Select the Start button and then select Run.
- Type: services.msc and press ENTER on your keyboard.
- Find Internet Connection Sharing (ICS) and then stop the service.
- Change the Startup Type to Disabled and then reboot the computer.
macOS users
Unfortunately, the current AnyConnect VPN client will only run on macOS versions newer than 10.12 (Sierra). Please update your operating system. Faculty and staff should partner with their local CSC, and students should reach out to AntTech for assistance. The OITHD cannot assist with OS upgrades, and we cannot implement any changes to the network to get your computer to connect to the VPN. We apologize for the inconvenience. You may continue to use the WebVPN at https://vpn.uci.edu
Versions older than macOS 10.12 are no longer supported by Apple, so our recommendation is that you upgrade to at least Mavericks. Your system could be vulnerable to attacks that are fixed in newer releases, and your system could be compromised and used to attack other systems (and possibly used to attack UCI when you are using the VPN).
In addition, there are bug fixes and security updates to the VPN client that necessitate it being updated to fix problems other users are having and to prevent security issues with older clients.
Date: Oct 10, 2013
By: Mike Khzouz (Mike@bostonIT.com)
Scenario:
When using the Linux Cisco AnyConnect client x64 (like MAC, Ubuntu, Red Hat RHEL and Debian) you might get the error above, or if you connect through the command line you might get the following errors:
Resolution:
1- Before you start troubleshooting the issue on the client side, make sure SSL certificates are installed and configured properly on the ASA. Go to http://www.digicert.com/help/ and test your server SSL certificate; if you see any issues, talk to your system admin to fix them. In addition to your company SSL certificate, the intermediate certificate from the SSL provider needs to be installed on the ASA too, and that web tool can show you any issues in that regard (a missing intermediate certificate is a common issue).
2- Important: Upgrade to the latest Cisco AnyConnect client. You can download it from the Cisco TAC site, but you need a username and a password. The latest version of AnyConnect as of this article is 3.1.04066.
3- In one of the cases the Cisco ASA had a Go Daddy SSL certificate. Copying the Go Daddy certificate from the Linux SSL certificate folder to the Cisco SSL certificate folder on the Linux machine forced AnyConnect to trust that certificate.
sudo cp /etc/ssl/certs/Go* /opt/.cisco/certificates/ca/
If you are using a different third-party SSL certificate on the ASA, then you need to copy that certificate the same way.
You can also copy all the certificates from /etc/ssl/certs/ to /opt/.cisco/certificates/ca/ if you are not sure what certificate you are using.
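When it is unclear which certificate the ASA uses, the shell functions below pick out the one CA file in a directory such as /etc/ssl/certs that actually issued a given certificate, so only that file has to be copied into /opt/.cisco/certificates/ca/. This is an added example, not part of the original article; the function names and the throwaway certificates it generates are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: find the one CA file that issued the gateway's certificate,
# so only that file is copied into AnyConnect's CA folder.

# issuer_ca_files CERT_PEM CA_DIR
# Prints every file in CA_DIR whose subject equals CERT_PEM's issuer and whose
# key verifies CERT_PEM's signature; prints nothing when no file qualifies.
issuer_ca_files() {
    local cert="$1" dir="$2" want ca
    want=$(openssl x509 -noout -issuer_hash -in "$cert") || return 2
    for ca in "$dir"/*; do
        [ -f "$ca" ] || continue
        # Cheap name match first; this also skips files that are not certificates.
        [ "$(openssl x509 -noout -subject_hash -in "$ca" 2>/dev/null)" = "$want" ] || continue
        # Trust only this candidate file, not the system CA directory.
        if openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            printf '%s\n' "$ca"
        fi
    done
}

# make_constructed_pki DIR
# Builds throwaway test data: two unrelated CAs in DIR/ca and a gateway
# certificate DIR/gateway.pem signed by the first one. All names are made up.
make_constructed_pki() {
    local d="$1" n
    mkdir -p "$d/ca" "$d/keys"
    for n in issuing unrelated; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/O=Constructed/CN=Constructed $n CA" \
            -keyout "$d/keys/$n.key" -out "$d/ca/$n.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$d/keys/gw.key" -out "$d/keys/gw.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/keys/gw.csr" -days 2 -CA "$d/ca/issuing.pem" \
        -CAkey "$d/keys/issuing.key" -set_serial 1 -out "$d/gateway.pem" 2>/dev/null
}

# Demo on constructed data: prints the path of the issuing CA only.
demo() {
    local t; t=$(mktemp -d) || return 1
    make_constructed_pki "$t" && issuer_ca_files "$t/gateway.pem" "$t/ca"
    rm -rf "$t"
}
```

Pass the last certificate of the chain the ASA presents; empty output means no file in the directory issued it.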
If you get this error in Windows, make sure you stop the Internet Connection Sharing service in Windows services.