10-23-2024 07:50 AM
After upgrading to the v5 client of AnyConnect from v4.10, IPsec isn't able to connect. The XML is identical in configuration but generates the error below.
Error -> Could not connect to server. Please verify internet connectivity and server address.
Is there some sort of configuration change in v5 versus v4? The same XML is working on our network for client v4.10. If anyone has an idea of what is going on, please let me know.
Thanks...
10-23-2024 08:00 AM
Just bear in mind that the v5 client has moved the location of XML files. It might be worth checking you have the expected files in the new locations:
%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\
%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\
We had no trouble with v4.10 to v5, but that's with SSL VPN. We amended our XML files based on the profile editor, but it wasn't mandatory.
10-23-2024 08:39 AM
We have it in %ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\
But not %ALLUSERSPROFILE%\Cisco\Cisco Secure Client\
Should the preferences xml file be in both locations?
10-23-2024 09:01 AM
These are the configurable XML file locations:
%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\AnyConnectLocalPolicy.xml
%ALLUSERSPROFILE%\Cisco\Cisco Secure Client\VPN\Profile\<Preferably-One-XML-file>.xml
The first has a fixed file name as above; the second just needs to be a .xml and the client will enumerate it.
Incidentally, did you consider any firewalling on your machines? The host firewall would need to allow IPsec outbound to your ASA IP addresses (and allow DNS too). I've seen cases of firewalls locking down traffic based on an MD5 checksum of the source application (in this case, I think it would be vpnagent.exe).
10-23-2024 09:23 AM
If I revert my workstation to Client v4.10, IPsec will work. Currently I'm working on v5 with an SSL connection, which works. So as far as I can tell IPsec is enabled, but there seems to be some weird difference with v5, or simply running the v5 install with v4 already there.
I'll ask the server team about the DNS part.
The XMLs mentioned above are carried over from the v4.10 install.
10-23-2024 09:39 AM
Any possible hit on this bug?
https://bst.cisco.com/bugsearch/bug/CSCwj44873
It's mentioned in the release notes: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/release/notes/release-notes-cisco-secure-client-5-1.html
10-23-2024 10:48 AM
Nice find, the only thing I'd say is that it persists even if tried again.
10-23-2024 12:28 PM
When you upgraded from v4 to v5 on the client did you change anything on the ASA server side?
10-24-2024 01:13 AM
No changes, v9.18, SSL VPN only. I'm sure they would document it if a change was needed.