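Based on the error message, a similar bug can be found in Cisco's bug database; it may be caused by the system's IPv6 feature. The affected version is 3.1(495). If your AnyConnect version and system happen to match this bug's description, you can try switching to a different AnyConnect version (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCud73928 ) <--- bug url
If you follow the workaround in the bug (uninstall IPv6, reboot, reinstall AnyConnect) and it still does not resolve the issue, you can collect some of the connection messages and post them for further analysis.
// See the image below for how to view the messages and the AnyConnect version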
While attempting to connect to a client's AnyConnect, this happened;
The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.
Or on older clients, you may see;
The VPN client was unable to modify the IP forwarding table. A VPN connection will not be established. Please restart your computer or device, then try again.
I was trying to connect from my house. I’d used this connection before from work and it was fine. I worked my way round the problem, got my work finished, then re-looked at it the next time I was working from home.
The problem is actually quite simple, take a look at the IP I was using in my house.
Then take a look at the VPN Pool addresses that get allocated to the remote VPN clients (they overlap);
show run | incl pool
Note: This assumes you are using an ‘IP Pool’. If you are using an external DHCP server at the ‘Head end’ then you will need to check/change the scope there.
AnyConnect – Using a Windows DHCP Server to Lease IP Addresses to the Remote Clients
I fixed the problem by simply changing the ‘pool’ so it didn’t overlap.
WARNING: If you have any routing going on behind your firewall (i.e. you have layer 3 switches internally, routing between networks or VLANs) you may need to change them to route the ‘new’ AnyConnect subnet back to the firewall.
If you are experiencing this problem on Windows 10, and the above solution is not applicable, consider deleting the following two files;
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\routechangesv4.bin
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\routechangesv6.bin
Refer to: https://www.petenetlive.com/kb/article/0001646
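To check for the overlap described above before touching the firewall, the following added example (not part of the original post or the referenced article) parses `ip local pool` lines from `show run | incl pool` output and compares them with the client's local addresses. The pool names, addresses and function names are constructed, and treating the whole masked subnet as claimed by the VPN adapter is an assumption.

```python
import ipaddress
import re

# ASA pool definition as returned by "show run | incl pool", e.g.
#   ip local pool NAME 10.0.0.1-10.0.0.50 mask 255.255.255.0
POOL_RE = re.compile(
    r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)"
    r"(?: mask (\d+\.\d+\.\d+\.\d+))?", re.M)

# Constructed sample output (not taken from the original post).
SAMPLE_SHOW_RUN = """\
ip local pool ANYCONNECT-POOL 192.168.1.200-192.168.1.220 mask 255.255.255.0
ip local pool SPARE-POOL 172.16.50.1-172.16.50.254 mask 255.255.255.0
 address-pool ANYCONNECT-POOL
"""

def pool_networks(config_text):
    """Return {pool_name: [networks]} covering each pool's address range."""
    pools = {}
    for name, first, last, mask in POOL_RE.findall(config_text):
        nets = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
        if mask:
            # Assumption: the client's VPN adapter is given this mask, so
            # the whole masked subnet can collide with the local LAN.
            nets.append(ipaddress.ip_network(f"{first}/{mask}", strict=False))
        pools[name] = nets
    return pools

def overlapping_pools(config_text, client_interfaces):
    """List (pool, client_lan) pairs where a VPN pool collides with a LAN.

    client_interfaces holds the client's own addresses in CIDR form,
    e.g. "192.168.1.23/24" as read from ipconfig.
    """
    hits = []
    for name, nets in pool_networks(config_text).items():
        for cidr in client_interfaces:
            lan = ipaddress.ip_interface(cidr).network
            if any(lan.overlaps(net) for net in nets):
                hits.append((name, str(lan)))
    return hits

if __name__ == "__main__":
    # Constructed home address sitting inside the pool's subnet.
    for pool, lan in overlapping_pools(SAMPLE_SHOW_RUN, ["192.168.1.23/24"]):
        print(f"pool {pool} overlaps client LAN {lan}")
```

An empty result means the pool is not the cause, which is the point at which the `routechangesv4.bin` / `routechangesv6.bin` step applies.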