cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11389
Views
0
Helpful
2
Replies

WebEx Connect Can't login while using AnyConnect VPN

dfreemire
Level 1
Level 1

I have WebEx Connect Client v7.2.0 Build 16843 and it has been working fine from the office. I can also connect just fine when I am connected to my home Internet service. If I connect to my home Internet, then use AnyConnect to connect to my office first, I then cannot login to WebEx. It tries for a while and then says "Lost connection to server. Please try to sign in again."

I am running Windows 7 Enterprise SP1 64-bit on a Lenovo T420 with an Intel Core i7-2620M CPU

If I connect to my home Internet, then login to WebEx first, and then connect to the office with AnyConnect, everything works fine.

I have tried this with AnyConnect v2.5.3041 and AnyConnect Secure Mobility Client v3.1.02040.

I am a network engineer so I did some captures and discovered the following:

When logging in while connected only to the Internet the WebEx Client makes connections to three WebEx IPs:

66.163.36.139, 66.163.36.121 and 66.163.36.80.

First it connects to 66..163.36.139 with HTTPS multiple times.

Then it connects to 66.163.36.121 with HTTPS multiple times.

Finally it connects to 66.163.36.80 with HTTPS multiple times.

All of these connections use my wireless LAN adapter which has my private, home IP address (hidden, of course, by my home router NAT).

Then I can use it normally

When logging in while connected to the Internet and also running an AnyConnect VPN connection to my office (configured to allow local LAN access) the WebEx Client does this:

First it connects to 66..163.36.139 with HTTPS multiple times from my wireless LAN adapter the same as above.

Then it tries to connect to 66.163.36.121 with HTTPS but instead of going out using my wireless LAN adapter it tries to use the AnyConnect connection which has a different IP assigned to it by my office firewall. This connection attempt never gets a response because my office firewall does not want to do a hairpin and provide an Internet connection. Now the WebEx Client says it Lost Connection to Server.

The interface it tries to use is called different things depending on where you look at it:

WireShark: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Windows Network Connections: Cisco AnyConnect Secure Mobility Client Connection

ipconfig: Ethernet adapter Local Area Connection 6:

Any ideas would be much appreciated. I can deal with this but I have lots of users who won't like it.

Thanks,

Scott

2 Replies 2

keglass
Level 7
Level 7

Scott,

This community does not provide technical support and is not staffed with technical support experts. I recommend you post this and future technical support questions to the Cisco Support Community (https://supportforums.cisco.com/index.jspa) where our Cisco technical support experts provide debugging assistance. Another option is to open a ticket with the Cisco Technical Assistance Center (www.cisco.com/go/support) to get expert debugging assistance.


We do encourage you to participate in the Cisco Collaboration Community and to also join our Cisco Collaboration User Group program!  In the community, we encourage your discussion/sharing around collaboration topics and Cisco Collaboration Solutions, including business and IT requirements, industry trends, process, culture/organization issues, how collaboration can be used to transform businesses, vendor selection, adoption, training, architecture, licensing, and product features/functionality. If you are a customer or partner, you can also join the user group program to be eligible for member-only events and influence product direction.


We hope to hear from you again.

Kelli Glass

Moderator for the Cisco Collaboration Community

bjames
Level 5
Level 5

I'll try to help, sounds like you are using split tunnelling (local LAN access), but not defining RFC1918 rules for local LAN access on your VPN firewall, it is "suppose to" use the IP you are connected to as local LAN access, but by your traces it is sending the first requests out to the wireless adapter. If no local LAN access is set I bet it would work correctly, or, if you defined the LAN's that are local from ASA then I bet it would work as well as everything other than RFC 1918 "should" go over the tunnel.

Bob James