- User Not Authorized For Anyconnect Client Access
It's probably just me, but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message 'User not authorized for AnyConnect Client access, contact your administrator'. I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem.
The setup of the ASA is straightforward, directly connected to the Internet with a 10.0.1.0/24 subnet on the inside and an address pool of 10.0.2.0/24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication, which I had running before, just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
ASA Version 9.1(1)
!
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[Code] .....
Conducting business from a remote location requires different levels of access. These levels range from Level I, resources that are available from an outside network such as the USNA public website and Gmail to Level III, access to resources that require a USNA IP address.
Instructions for accomplishing the different levels of access are provided below. If you require a level of access not listed here, or have a question, please submit a Web Help Desk Ticket.
This means that local devices, such as printers, may not work when you are connected to the VPN. The client you use to connect to the VPN (AnyConnect) will auto-update upon connection. To use the new VPN, please follow the steps below: In the AnyConnect client, enter 'vpn.uab.edu' in the connect window and click 'Connect'. Create a profile, preferably one with a name/alias your users will recognize. Be sure to select the AAA group created earlier, set the internal DNS, and set the GP to “NOACCESS”. The LDAP attribute map we created earlier will dynamically assign the GP when the user logs in. Also set the subnet/DHCP settings that you want.
(Click Here for instructions to submit a help ticket).
Midshipmen - VPN Authorised
Level I - USNA resources available from off-site
Access to USNA systems such as GSuite (including Gmail, Google Hangouts Meet and Google Classroom), Blackboard, MIDS, the Password Portal and Panopto. This level of access is available from networks external to USNA, such as your home WiFi. A list of these applications is provided at this USNA public webpage. PLEASE DO NOT use the VPN/VDI to access these publicly available applications. It is not required, and doing so detrimentally affects use of limited VPN/VDI resources for other users.
Level II - Access to USNA Intranet (Internal-only) websites
Access to USNA Intranet websites that are not available using Level I access. This includes the USNA internal Department websites, BusinessObjects/WebIntelligence, Library resources, and the IT Web Helpdesk application.
For Faculty:
Getting to these sites requires authorized VPN users to login to the USNA SSL VPN website at https://sslvpn.usna.edu. See these instructions.
Please note: During the COVID-19 work-at-home period, the need for signing a Remote User Agreement (RUA) is waived. If you plan to telework after the crisis is over, you will be required to submit the RUA. Users are responsible for complying with the RUA despite not signing the document. See details here.
For Midshipmen:
Level III - Access to resources that require USNA IP Address (Telnet, SSH)
Direct access to USNA internal resources including software that requires a USNA IP address is accomplished for authorized VPN users by downloading and connecting to the AnyConnect Client. Click Here for instructions.
Please note: Midshipmen who need Level II or Level III access from outside USNA should utilize the Virtual Desktop Infrastructure (VDI). See instructions here. Midshipmen who require Level II or Level III VPN access to meet course requirements will be contacted by their instructors.