Cisco AnyConnect Secure Mobility Client SSL VPN connections fail when the computer is configured to use the Web Security Service (WSS) through the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) feature.
The default policy used by the Cisco AnyConnect client does not allow connections through loopback proxies such as the SEP WTR Local Proxy Service (LPS).
There are multiple solutions for this problem. The solution you choose to implement will depend on your organization's policies, and preferences. To allow Cisco AnyConnect VPN clients to connect on computers running SEP WTR do one of the following:
Note: Contact Cisco support if you require assistance configuring your Cisco AnyConnect policies.
Configure AnyConnect to bypass the WSS proxy
Ensure your Cisco AnyConnect client policy is configured to ignore system proxy settings. The policy should include the following:
Ensure your Cisco AnyConnect client's policy allows VPN connections over localhost proxy connections. The policy should include the following: