
Cisco AnyConnect v5 ipsec not connec

peterLalic
Level 1

After upgrading to the v5 client of AnyConnect from v4.10, IPsec isn't able to connect. The XML is identical in configuration but generates the error below.

Error -> Could not connect to server. Please verify internet connectivity and server address.  

Is there some sort of configuration change in v5 versus v4? The same XML is working on our network for client v4.10. If anyone has an idea of what is going on, please let me know.

Thanks...

8 Replies

j.a.m.e.s
Level 4

Just bear in mind that the v5 client has moved the location of XML files. It might be worth checking you have the expected files in the new locations: 

%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\

%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\

We had no trouble with v4.10 to v5, but that's with SSL vpn. We amended our XML files based on the profile editor, but it wasn't mandatory.

We have it in %ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\

But not %ALLUSERSPROFILE%\Cisco\Cisco Secure Client\

Should the preferences xml file be in both locations?

 

These are the configurable XML file locations:

%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\AnyConnectLocalPolicy.xml
%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\<Preferably-One-XML-file>.xml

The first has a fixed file name as above, the second just needs to be a .xml and the client will enumerate it.

Incidentally, did you consider any firewalling on your machines? The host firewall would need to allow IPSec outbound to your ASA IP addresses (and allow DNS too). I've seen cases of firewalls locking down traffic based on an MD5 checksum of the source application (in this case, I think it would be vpnagent.exe).
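
A read-only check of the two v5 locations listed above, added here as an example (it was not posted by anyone in this thread and is not Cisco tooling). The `HostEntry`, `HostAddress` and `PrimaryProtocol` element names are assumed from the AnyConnect profile format and do not appear on this page; the SHA256 column is there so the v5 copy can be compared with the profile that works under v4.10.

```powershell
# Added diagnostic sketch: inspects the v5 profile locations, changes nothing.
$base       = Join-Path $env:ALLUSERSPROFILE 'Cisco\Cisco Secure Client'
$policy     = Join-Path $base 'AnyConnectLocalPolicy.xml'   # fixed file name
$profileDir = Join-Path $base 'VPN\Profile'                 # any *.xml is enumerated

"Local policy present: {0}" -f (Test-Path -LiteralPath $policy)

$profiles = @(Get-ChildItem -LiteralPath $profileDir -Filter *.xml -File -ErrorAction SilentlyContinue)
if ($profiles.Count -eq 0) { Write-Warning "No .xml profile found in $profileDir" }
if ($profiles.Count -gt 1) { Write-Warning "More than one profile; the client enumerates every .xml here" }

foreach ($p in $profiles) {
    # A profile that is not well-formed XML is reported instead of stopping the run.
    try   { $xml = [xml](Get-Content -LiteralPath $p.FullName -Raw) }
    catch { Write-Warning "$($p.Name) is not well-formed XML: $_"; continue }

    $hash = (Get-FileHash -LiteralPath $p.FullName -Algorithm SHA256).Hash

    # local-name() sidesteps the default namespace declared on the profile root.
    # Element names below are assumptions, see the note above.
    foreach ($h in $xml.SelectNodes("//*[local-name()='HostEntry']")) {
        $addr  = $h.SelectSingleNode("*[local-name()='HostAddress']")
        $proto = $h.SelectSingleNode("*[local-name()='PrimaryProtocol']/text()")
        [pscustomobject]@{
            Profile         = $p.Name
            SHA256          = $hash
            HostAddress     = if ($addr)  { $addr.InnerText.Trim() } else { '' }
            PrimaryProtocol = if ($proto) { $proto.Value.Trim() }    else { '(not set)' }
        }
    }
}
```
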

If I revert my workstation to Client v4.10, IPsec will work. Currently I'm working on v5 with an SSL connection, which works. So as far as I can tell IPsec is enabled, but there seems to be some weird difference with v5, or simply running the v5 install with v4 already there.

I'll ask the server team about the DNS part.

 

The XMLs mentioned above are carried over from the v4.10 install.

 

 

Nice find, the only thing I'd say is that it persists even if tried again.

When you upgraded from v4 to v5 on the client did you change anything on the ASA server side?

j.a.m.e.s
Level 4

No changes, v9.18, SSL VPN only. I'm sure they would document it if a change was needed.