I had a user experience this issue. Fiddler was blocking Cisco AnyConnect VPN from running. When the user launched the Cisco AnyConnect client, the error showed as follows:
"The VPN connection is not allowed via a local proxy. This can be changed through AnyConnect profile settings."
The issue was Fiddler being set up to act as a system proxy on startup. To remedy this issue, open Fiddler, go into Tools > Options > Connections tab and uncheck 'Act as system proxy on startup' > click OK > exit and restart Fiddler. You should now be able to connect to Cisco AnyConnect.
If you had Fiddler installed and uninstalled it but still get this error, reinstall Fiddler and follow the instructions above. Once you confirm that you can reconnect to Cisco AnyConnect VPN, uninstall it.
6 Answers, 1 is accepted
This does not seem to be Fiddler-related issue, but rather AnyConnect's prohibition of usage of local proxy. If Fiddler is turned off there should not be any problem. Also, if Fiddler is uninstalled, it cannot cause the problem anymore, no need for reinstallation and unchecking the setting.
Regards,
Alexander
Progress Telerik
Rank 1
I can confirm that AnyConnect does have issues once you enable https decryption with install interception certificates. It doesn't always happen but when it does I immediately open fiddler, disable https and remove interception certificates and it works fine. I suspect that Cisco posturing mode fails when it loads the required x509 certs.
To be clear; I may have had interception certificates installed from a day or two ago. I immediately startup Cisco AnyConnect on bootup and Fiddler is not running. Once I fix my certs, I connect fine and I can immediately reinstall those interception certs and I'm good the rest of the day.
Is there a way I can conditionally exclude certain certs from interception?
Rank 1
Here is the logs from AnyConnect; it'll keep failing and either report failure or over and ask for my credentials again. I'm not sure what certificate it's attempting to use yet.
11/7/2018
7:00:43 PM Ready to connect.
7:00:44 PM Automatically selected server: ****REDACTED****
7:00:44 PM Contacting ***REDACTED******.
7:00:45 PM No valid certificates available for authentication.
7:00:46 PM Posture Assessment: Required for access
7:00:46 PM Posture Assessment: Checking for updates...
7:00:46 PM Posture Assessment: Initiating...
7:00:49 PM Posture Assessment: Active
7:00:49 PM Posture Assessment: Initiating...
7:04:19 PM User credentials entered.
7:04:19 PM Hostscan is performing system scan
7:04:20 PM Hostscan is performing software scan
7:04:26 PM Hostscan state idle
7:04:27 PM Hostscan is waiting for the next scan
7:05:27 PM Hostscan is performing system scan
7:05:28 PM Hostscan is performing software scan
7:05:34 PM Hostscan state idle
7:05:35 PM Hostscan is waiting for the next scan
7:06:35 PM Hostscan is performing system scan
7:06:36 PM Hostscan is performing software scan
7:06:42 PM Hostscan state idle
7:06:43 PM Hostscan is waiting for the next scan
7:07:44 PM Hostscan is performing system scan
7:07:44 PM Hostscan is performing software scan
7:07:51 PM Hostscan state idle
7:07:52 PM Hostscan is waiting for the next scan
7:08:52 PM Hostscan is performing system scan
7:08:53 PM Hostscan is performing software scan
7:08:59 PM Hostscan state idle
7:09:00 PM Hostscan is waiting for the next scan
7:10:00 PM Hostscan is performing system scan
7:10:01 PM Hostscan is performing software scan
7:10:07 PM Hostscan state idle
7:10:08 PM Hostscan is waiting for the next scan
7:11:09 PM Hostscan is performing system scan
7:11:09 PM Hostscan is performing software scan
7:11:15 PM Hostscan state idle
7:11:16 PM Hostscan mission complete
7:26:38 PM Ready to connect.
Rank 1
Here is the logs from vpn; it'll keep failing and either report failure or over and ask for my credentials again. I'm not sure what certificate it's attempting to use yet.
11/7/2018<br> 7:00:43 PM Ready to connect.<br> 7:00:44 PM Automatically selected server: ****REDACTED****<br> 7:00:44 PM Contacting ***REDACTED******.<br> 7:00:45 PM No valid certificates available for authentication.<br> 7:00:46 PM Posture Assessment: Required for access<br> 7:00:46 PM Posture Assessment: Checking for updates...<br> 7:00:46 PM Posture Assessment: Initiating...<br> 7:00:49 PM Posture Assessment: Active<br> 7:00:49 PM Posture Assessment: Initiating...<br> 7:04:19 PM User credentials entered.<br> 7:04:19 PM Hostscan is performing system scan<br> 7:04:20 PM Hostscan is performing software scan<br> 7:04:26 PM Hostscan state idle<br> 7:04:27 PM Hostscan is waiting for the next scan<br> 7:05:27 PM Hostscan is performing system scan<br> 7:07:51 PM Hostscan state idle<br> 7:11:16 PM Hostscan mission complete<br> 7:26:38 PM Ready to connect.
Rank 1
It mostly depends on the VPN you use. Do you use any paid or free ones? It's better to use paid, official ones as ExpressVPN, NordVPN, VeePN or any other. Cause as far as I see, you're using a free one that's why it comes with limited functionality and hence blocking Cisco.
If you're not sure which vpn to choose read reviews here https://en.vpnwelt.com/ or from any other trustful resource.
Hello everyone,
As a side note, the order of execution of FIddler (or Fiddler Everywhere) alongside Cisco AnyConnect could also have an impact on the proper proxy configuration. For example, check this workflow that is applicable for Fiddler Everywhere.
Regards,
Nick Iliev
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.