Cisco Secure Client - AnyConnect VPN

TH6
Here to help

Cisco Secure Client - AnyConnect VPN

When attempting to use the AnyConnect VPN (and client) in lieu of the IPSEC client vpn connection, we are getting "Login Failed" errors.  Same credentials, same Meraki MX appliance.  IPSEC client vpn connections work, but AnyConnect do not.  I'm wanting to use the AnyConnect client as it is a more elegant solution than the Windows Native VPN client for example.

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal

Have you checked the logs on the MX?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
TH6
Here to help

Yes, getting "Authentication request rejected", but the log doesn't state the reason why

JonathanSwitch
Meraki Employee
Meraki Employee

What type of authentication are you using?

TH6
Here to help

RADIUS authentication…..  I’m getting the following error in the MS/NPS event log:

 

“The RADIUS request did not match any configured connection request policy (CRP).”  Trying to find the correct NPS/CRP configuration to match our Meraki AnyConnect settings.

JonathanSwitch
Meraki Employee
Meraki Employee

The NPS setup is slightly different for AnyConnect vs. Client VPN I believe so you can't just move from one to the other without a new connection request policy. Take a look at both of these KB's and cross compare the connection request policy settings. I recommend creating a new one for AnyConnect if you have not done so already:

 

Client VPN:

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

 

AnyConnect:

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication#RADIUS_...

 

 

TH6
Here to help

Thank you, much!  Your articles help me resolve the issue!

alemabrahao
Kind of a big deal
Kind of a big deal

You need to create a new policy for Anyconnect.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
TH6
Here to help

My issue has been resolved.  Thank you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels