Windows Users (macOS users, please scroll to the bottom)

报错信息： AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again. 大概意思是AnyConnect无法建立连接到指定的安全网关。请尝试再次连接。 解决方法：. 症状：Windows8.1において Cisco AnyConnect でVPN接続しようとするとエラー'AnyConnect was not able to establish a connection to the specified secure gateway. Please try connection again' が出てVPN接続できない。これはある日突然発生することもある。対処. This can be a problem related to the configuration or perhaps you do not have the image for the OS that you are working on. Confirm that you have the.pkg on your firewall, if you do not have it you will need to download it from cisco.com and upload it to the firewall. Note that you if you have a firewall cluster you have the copy to both firewalls otherwise if failover happens you will face.

There are a couple of reasons why a Windows user will get the error 'AnyConnect was not able to establish a connection to the specified secure gateway' or 'The VPN client agent was unable to create the interprocess communication depot' while trying to connect using the Software VPN:

• More than 1 user is logged on to the computer at one time or
• ICS (Internet Connection Sharing) is enabled.

Here's how to fix both problems.

More than 1 user is logged on to the computer at one time

Advise the user to restart the computer. This will logoff any other users who may be logged on. If the problem persists, read on.

Check to see if ICS (Internet Connection Sharing) is running

1. Select the Start button and then select the Control Panel.
2. Under the Network and Internet category, select the Network and Sharing Center.
3. In the left-hand panel select Change Adapter Settings.
4. Right-click the network connection being shared (try the wired/Ethernet adapter connection first and then check the other adapters) and select Properties.
5. Select the Sharing tab.
6. Uncheck the box to Allow other network users to connect through this computer's connection.
7. Select OK.

Additionally, check that the ICS service is not running.

1. Select the Start button and then select Run.
2. Type: services.msc and press ENTER on your keyboard.
3. Find Internet Connection Sharing (ICS) and then stop the service.
4. Change the Startup Type to Disabled and then reboot the computer.

macOS users

Unfortunately the current AnyConnect VPN client will only run on macOS versions newer than 10.12 (Sierra). Please update your operating system. Faculty and staff should partner their with their local CSC, and students should reach out to AntTech for assistance. The OITHD cannot assist with OS upgrades, and we cannot implement any changes to the network to get your computer to connect to the VPN. We apologize for the inconvenience. You may continue to use the WebVPN at https://vpn.uci.edu

Versions older than macOS 10.12 are no longer supported by Apple, so our recommendation is that you upgrade to at least Mavericks. Your system could be vulnerable to attacks that are fixed in newer releases, and your system could be compromised and used to attack other systems (and possibly used to attack UCI when you are using the VPN).

In addition, there are bug fixes and security updates to the VPN client that necessitate it being updated to fix problems other users are having and to prevent security issues with older clients.

Anyconnect Was Not Able To Establish Connection Secure Gateway

Anyconnect Was Not Able To Establish Secure Gateway Address

I have been successfully able to setup Cisco AnyConnect VPN on ASA 5520 with 8.4 code. I have set it to authenticate against the RADIUS Server (Microsoft Windows 2008 NPS server). I have noticed one thing, on the server under 'Constraints and Authentication Method'. I picked MS-CHAP-v2, but it is considered Less secure authentication methods. I can click on Add and choose other Authentication methods like Smart Card or other Certificate, PEAP, EAP-MSCHAP v2. I picked PEAP but then the VPN does not work.
So first of all does it really matter if I just leave it to MS-CHAP-v2? Because from my understanding is that AnyConnect will authenticate to ASA and then ASA in the backend talks to the RADIUS server so from a security stand point this scenario shouldn't it be sufficient as no un encrypted or less secure information is available to the outside world? Secondly is there any documentation on using PEAP with Cisco AnyConnect?