Cisco AnyConnect Secure Mobility Client SSL VPN connections fail when the computer is configured to use the Web Security Service (WSS) through the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) feature.
The default policy used by the Cisco AnyConnect client does not allow connections through loopback proxies such as the SEP WTR Local Proxy Service (LPS).
There are multiple solutions for this problem. The solution you choose to implement will depend on your organization's policies, and preferences. To allow Cisco AnyConnect VPN clients to connect on computers running SEP WTR do one of the following:
Configure the Cisco AnyConnect VPN client to connect directly to the VPN concentrator without using the SEP LPS proxy service
Configure the Cisco AnyConnect VPN client to allow connections over a loopback proxy