I requested devnet sandbox multiple times but however 99% of times I was not able to connect to VPN.
The only time I was able to connect, the sandbox tore down few minutes after that (about 10 minutes ahead of scheduled time) :-/
Currently I'm facing following issues during connecting to VPN:
5:40:09 PM Ready to connect.
5:43:18 PM Contacting devnetsandbox-usw1-reservation.cisco.com:20226.
5:43:58 PM User credentials entered.
5:43:59 PM Establishing VPN session...
5:43:59 PM The AnyConnect Downloader is performing update checks...
5:43:59 PM Checking for profile updates...
5:43:59 PM Checking for product updates...
5:44:00 PM Establishing VPN - Initiating connection...
5:44:00 PM Establishing VPN session...
5:44:01 PM Connection attempt has failed.
5:44:01 PM VPN session ended.
5:44:02 PM Ready to connect.
Are there any tricks/advices how to be more likely to connect to the VPN?
Similar issue here using the openconnect VPN client. Appears that DTLS handshake is failing.
POST https://[vpn-host]:[vpn-port]/ Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as [provided VPN IP address], using SSL DTLS handshake failed: Resource temporarily unavailable, try again. [info here about adding hosts/net/gateways mappings] DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Resource temporarily unavailable, try again. [handshake continues to attempt and fail repeatedly]
I removed identifying information in the above console output.
Is there something I am missing or is there an issue with sandbox VPN?
I have a similar issue connecting to theIOS XE on CSR Recommended Code Sandbox, Once connection is stablished the message "DTLS handshake failed: Resource temporarily unavailable, try again." keeps poping in the console and when connecting to the CSR1000v is not able to ping the internet, so installing git and nano in the Guest Shell is not possible.
It looks like you have to pass the "--no-dtls" option to openconnect, to disable DTLS entirely.
It'll still auth over SSL, and your VPN connection will work without DTLS.
I suspect they just haven't implemented DTLS on the devnet side, and the rest is 'less than ideal messaging' in the client.