Explain Any Connect Is Not Enabled On The VPN Server Failure

Explain Any Connect Is Not Enabled On The VPN Server Failure

This error can occur if the group policy does not have a vpn-tunnel-protocol for AnyConnect software.

To resolve this problem, you have to find the active group policy and set the attributes for the connection.

If the ASA version is above 8.3, you below configuration

group-policy GRPPOL-AC-FULL attributes

VPN-tunnel-protocol SSL-client

If the ASA version is below 8.3, you below configuration

group-policy GRPPOL-AC-FULL attributes

VPN-tunnel-protocol svc

Explain Any Connect Is Not Enabled On The VPN Server Failure

The full error reads:

“AnyConnect is not enabled on the VPN Server”

This problem happens when a user tries to connect to a Cisco ASA using the Cisco AnyConnect client. This problem can happen if the group-policy where the user is connecting to does not have a “vpn-tunnel-protocol” for AnyConnect. To fix the problem, locate the group-policy where the user is connecting to. You can find the group-policy the user is using by checking the logs.

After this, verify that the “vpn-tunnel-protocol” is configured. For ASA 8.3 and higher, see the following:

group-policy GRPPOL-AC-FULL attributes
vpn-tunnel-protocol ssl-client

For ASA older than version 8.3, see the following:

group-policy GRPPOL-AC-FULL attributes
vpn-tunnel-protocol svc

If the problem continues, it is most of the time due to the user not being in the correct Active Directory group. There are firewalls that are configured for authentication against Active Directory via an ACS or RADIUS server. You can configure the ACS or RADIUS server to assign the group policy to the user after authentication.