cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1745
Views
2
Helpful
8
Replies

AnyConnect VPN login delayed by 40 seconds, but works fine

JQU
Level 1
Level 1

Hi everybody,

I use the "Cicso AnyConnect Secure Mobility Client" (version 4.10.01075) for access to my company's network. It usually works fine, once I'm past the login, but there is exactly the "problem" (well, actuall more an annoyance...). When I click "Connect", it takes *exactly* 40 seconds until the user authentication prompt appears. In the message log I always see something like this:


19:26:36 Ready to connect.
19:40:43 Contacting <Company> VPN.
19:41:23 Connection attempt has failed.
19:41:40 User credentials entered.
19:41:40 Establishing VPN session...
19:41:40 The AnyConnect Downloader is performing update checks...
19:41:40 Checking for profile updates...
19:41:40 Checking for product updates...
19:41:40 Checking for customization updates...
19:41:41 Performing any required updates...
19:41:41 The AnyConnect Downloader updates have been completed.
19:41:41 Establishing VPN - Initiating connection...
19:41:41 Establishing VPN session...
19:41:41 Establishing VPN - Examining system...
19:41:41 Establishing VPN - Activating VPN adapter...
19:41:41 Establishing VPN - Configuring system...
19:41:41 Establishing VPN...
19:41:41 Connected to <Company> VPN.

I replaced the name of my company. Please note the 40 seconds between "Contacting..." and "Connection attempt has failed".

However, even though I get this "Connection attempt has failed." message, the login prompt appears (promptly after that, and from then on everything works normally. But this first failed connection attempt bothers me, because it causes the 40 second delay.

Since I seem to be the only person in my company having this issue, our experts and also the VPN service provider have no clue what goes wrong. I also already searched the web and this community without any success. Some reported issues appear to be similar, but either they differ in important details, or no solution was ever provided.

I therefore hope that somebody who has any idea how to fix or diagnose this issue might be reading this and willing to help.

Thank you in advance, and thank you for reading!

Jan

1 Accepted Solution

Accepted Solutions

JQU
Level 1
Level 1

Deactivating IPv6 on the WIFI interface solved the issue. Thanks again, BB!

View solution in original post

8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

Do you have any Modules like NAM, which we have seen before due to there was a delay of 60 to 90 seconds ?

you need to provide is this ASA  or FTD on the head end side?

you also need to enable debugging on the headend side to see where is the delay causing. ? is this for all clients ? is the any connected client same region or different regions?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

thank you for your quick reply. Unfortunately, I have no idea what NAM, ASA or FTD mean. I'm just the dumb end-user

But I will forward this information / questions to our admins.

When you say "head end", I guess you mean the client side? How do I enable debugging?

As I worte, this delay does not happen for all clients, only for me. Most clients are usually within one region, I guess. At least I am in the same region as the server.

Cheers,

Jan

how about searching on google.com if more naming not known? and understand what they are working.

if you are not a sysadmin, is this issue only for you? then you need to contact the network admin about your issue?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JQU
Level 1
Level 1

Found something. I compared my profile .xml file to the template handed out by my company. The only difference is that on my PC there is one additional line: "<IPProtocolSupport>IPv6,IPv4</IPProtocolSupport>". When I remove this line and restart AnyConnect, the login prompt appears without delay. But as soon as I do log in, AnyConnect adds this line to the file! For the next log in the prompt is then delayed again. I can repeat this over and over again: quit AnyConnect, delete the line, start AnyConnect, log in w/o delay, log out, log in with delay... No fun at all.

I tried to trick AnyConnect by restricting write permissions for the profile .xml, but it complains and won't log me in at all. I also tried to simply change that entry to "IPv4" only, but AnyConnect changes it back. I think I'll write a batch file resetting the .xml file before starting AnyConnect. Welcome to the 21st century!

In the end I believe that the root of the issue is "somehow" related to IPv6. Any ideas how and why?

This is managed by your business. so report back looks like this was delayed due to the ipv6 and ipv4 orders as I understand

tell your network team, you need ipv4 preferred ( so business call to change or not) 

Note : you can also try disabling IPv6 config on your interface (wifi or Ethernet and check)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


@balaji.bandi wrote:

Note : you can also try disabling IPv6 config on your interface (wifi or Ethernet and check)

 That's a good idea, thanks! I will try this next and report back.

JQU
Level 1
Level 1

Deactivating IPv6 on the WIFI interface solved the issue. Thanks again, BB!

Glad you were able to resolve it, and the suggestion help you to sort it - can we mark it as resolved now..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help