11-12-2016 04:10 PM - edited 03-20-2019 09:08 PM
This is a really bad bug. There is no evidence about the circumstances, the SYN-ACK package vanishes silently. Usually you test the VPN with PING which is perfectly working, as it is with DNS (udp). TCP traffic is entirely timing out. Anyconnect clients are working fine.
I have verified this on 5515, 5512 (9.6(2)), 5506 (9.6(2)3).
The only option for me was finally to downgrade to 9.6(1).
Solved! Go to Solution.
11-14-2016 08:31 AM
This bug is close to getting resolved. Until then, your options are:
Does this help?
Kind regards ... Palani
11-14-2016 08:31 AM
This bug is close to getting resolved. Until then, your options are:
Does this help?
Kind regards ... Palani
11-14-2016 08:43 AM
Thank you, Palani.
Just one question - will it be resolved in the 9.6(2) trail or will there be a 9.6(3) ?
Regards,
Chris
11-14-2016 10:31 AM
Hi Chris
The bug is not yet resolved. So, it is not clear which releases would have the fix. I expect some clarity in early Dec.
Kind regards ... Palani
11-14-2016 12:04 PM
Again thank you for your quick answer. I'm just wondering that it takes until December. The initial 9.6(2) is from August. Maybe I underestimate the impact to fix it, because the Anyconnect Client in this scenario is perfectly running.
Isn't a large user community using this option? We have changed most of our RAS VPN's to L2TP/PSK when PPTP was discontinued on the ASA platform some couple of years ago. IKEv2 was not supported at that time and still many client systems do not support it "on-board".
I'm not really dealing with VPN's every day - researching this to the extent necessary to consider it a bug took me several hours. I hope you understand, but during this process I simply did not want to accept that Cisco is releasing a Interim (3) release after almost 3 month still containing such a fundamental flaw.
11-15-2016 06:20 AM
Hi Chris
First of, regret the inconvenience caused.
Please do not view the following as defending the bug. As a customer, I expect better from my vendor. Any bug in sw is inconvenience for which there is no excuse.
As far as I can tell, this bug was first experienced in early October. Less than 10 customers are impacted so far, that I know of. Regardless, this bug is assigned the highest severity.
Between the time I responded on this thread and today, the bug has been resolved. Within a week or so, we should have clarity on which releases would have the fix and the ETA of the next release.
I hope this helps .... Palani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide