all 8 comments

[–]chronop 0 points1 point  (3 children)

Sounds like a lot of networking stuff going wrong. I'm assuming you have internet access on the Ubuntu machine? Can you ping the host and resolve it's DNS name?

[–][deleted]  (2 children)


    [–]chronop 0 points1 point  (1 child)

    Okay, so if you really have internet access maybe your works VPN gateway is just blocking pings. Can you install Nmap on the Ubuntu machine (apt install nmap) and try to do a port scan? Once you installed it you would do something like this

    nmap gateway -p443

    And replace gateway with your VPN gateway. Looks like an SSL VPN so I'm assuming it's on port 443, the -p443 will tell it what port(s) to scan. If you can't even see the VPN port as open, the problem probably isn't related to the VPN at all.

    [–]downrightmike 0 points1 point  (1 child)

    Disable ics

    [–]johsj 0 points1 point  (3 children)

    Can you browse to the anyconnect login page from a browser on the Ubuntu machine?

    [–][deleted]  (2 children)


      [–]johsj 0 points1 point  (1 child)

      Open a browser and go to https://<gateway address> You should get the anyconnect login page

      [–]qa_doesnt_existCCBE (cisco certfied bonjour expert) 0 points1 point  (5 children)

      Open a terminal then type:

      sudo openconnect <gateway ip address>

      select yes to accept the cert

      type in your group, then username and password.

      If any of the above fails then its probably the config on the gateway.

      [–][deleted]  (4 children)


        [–]qa_doesnt_existCCBE (cisco certfied bonjour expert) 0 points1 point  (3 children)

        Are they using Cisco Secure Desktop? I remember seeing something similar when that is enabled.

        [–][deleted]  (2 children)


          [–]qa_doesnt_existCCBE (cisco certfied bonjour expert) 0 points1 point  (1 child)

          Well, the windows client has much wider use and is actually supported. If you got the latest linux client from Cisco and can't get it to work, as long as your company has support on the firewall you could call tac for assistance. Without knowing how the firewall is configured it is very hard to know if the configuration will support the openconnect client.