03-07-2013 11:36 AM
I have WebEx Connect Client v7.2.0 Build 16843 and it has been working fine from the office. I can also connect just fine when I am connected to my home Internet service. If I connect to my home Internet, then use AnyConnect to connect to my office first, I then cannot login to WebEx. It tries for a while and then says "Lost connection to server. Please try to sign in again."
I am running Windows 7 Enterprise SP1 64-bit on a Lenovo T420 with an Intel Core i7-2620M CPU
If I connect to my home Internet, then login to WebEx first, and then connect to the office with AnyConnect, everything works fine.
I have tried this with AnyConnect v2.5.3041 and AnyConnect Secure Mobility Client v3.1.02040.
I am a network engineer so I did some captures and discovered the following:
When logging in while connected only to the Internet the WebEx Client makes connections to three WebEx IPs:
66.163.36.139, 66.163.36.121 and 66.163.36.80.
First it connects to 66..163.36.139 with HTTPS multiple times.
Then it connects to 66.163.36.121 with HTTPS multiple times.
Finally it connects to 66.163.36.80 with HTTPS multiple times.
All of these connections use my wireless LAN adapter which has my private, home IP address (hidden, of course, by my home router NAT).
Then I can use it normally
When logging in while connected to the Internet and also running an AnyConnect VPN connection to my office (configured to allow local LAN access) the WebEx Client does this:
First it connects to 66..163.36.139 with HTTPS multiple times from my wireless LAN adapter the same as above.
Then it tries to connect to 66.163.36.121 with HTTPS but instead of going out using my wireless LAN adapter it tries to use the AnyConnect connection which has a different IP assigned to it by my office firewall. This connection attempt never gets a response because my office firewall does not want to do a hairpin and provide an Internet connection. Now the WebEx Client says it Lost Connection to Server.
The interface it tries to use is called different things depending on where you look at it:
WireShark: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Windows Network Connections: Cisco AnyConnect Secure Mobility Client Connection
ipconfig: Ethernet adapter Local Area Connection 6:
Any ideas would be much appreciated. I can deal with this but I have lots of users who won't like it.
Thanks,
Scott
03-07-2013 01:23 PM
Scott,
This community does not provide technical support and is not staffed with technical support experts. I recommend you post this and future technical support questions to the Cisco Support Community (https://supportforums.cisco.com/index.jspa) where our Cisco technical support experts provide debugging assistance. Another option is to open a ticket with the Cisco Technical Assistance Center (www.cisco.com/go/support) to get expert debugging assistance.
We do encourage you to participate in the Cisco Collaboration Community and to also join our Cisco Collaboration User Group program! In the community, we encourage your discussion/sharing around collaboration topics and Cisco Collaboration Solutions, including business and IT requirements, industry trends, process, culture/organization issues, how collaboration can be used to transform businesses, vendor selection, adoption, training, architecture, licensing, and product features/functionality. If you are a customer or partner, you can also join the user group program to be eligible for member-only events and influence product direction.
We hope to hear from you again.
Kelli Glass
Moderator for the Cisco Collaboration Community
03-14-2013 03:28 PM
I'll try to help, sounds like you are using split tunnelling (local LAN access), but not defining RFC1918 rules for local LAN access on your VPN firewall, it is "suppose to" use the IP you are connected to as local LAN access, but by your traces it is sending the first requests out to the wireless adapter. If no local LAN access is set I bet it would work correctly, or, if you defined the LAN's that are local from ASA then I bet it would work as well as everything other than RFC 1918 "should" go over the tunnel.
Bob James
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide