06-30-2020 08:50 AM
I requested devnet sandbox multiple times but however 99% of times I was not able to connect to VPN.
The only time I was able to connect, the sandbox tore down few minutes after that (about 10 minutes ahead of scheduled time) :-/
Currently I'm facing following issues during connecting to VPN:
5:40:09 PM Ready to connect.
5:43:18 PM Contacting devnetsandbox-usw1-reservation.cisco.com:20226.
5:43:58 PM User credentials entered.
5:43:59 PM Establishing VPN session...
5:43:59 PM The AnyConnect Downloader is performing update checks...
5:43:59 PM Checking for profile updates...
5:43:59 PM Checking for product updates...
5:44:00 PM Establishing VPN - Initiating connection...
5:44:00 PM Establishing VPN session...
5:44:01 PM Connection attempt has failed.
5:44:01 PM VPN session ended.
5:44:02 PM Ready to connect.
Are there any tricks/advices how to be more likely to connect to the VPN?
Thanks
Jan
07-03-2020 05:21 AM
10-21-2020 03:01 PM
07-03-2020 12:27 PM
Similar issue here using the openconnect VPN client. Appears that DTLS handshake is failing.
POST https://[vpn-host]:[vpn-port]/ Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as [provided VPN IP address], using SSL DTLS handshake failed: Resource temporarily unavailable, try again. [info here about adding hosts/net/gateways mappings] DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Resource temporarily unavailable, try again. [handshake continues to attempt and fail repeatedly]
I removed identifying information in the above console output.
Is there something I am missing or is there an issue with sandbox VPN?
10-21-2020 12:05 PM
I have a similar issue connecting to theIOS XE on CSR Recommended Code Sandbox, Once connection is stablished the message "DTLS handshake failed: Resource temporarily unavailable, try again." keeps poping in the console and when connecting to the CSR1000v is not able to ping the internet, so installing git and nano in the Guest Shell is not possible.
10-22-2020 01:30 AM
@rovelazq there is no outbound connection from the sandbox by design and security posture.
Hope this helps.
12-01-2020 09:56 AM
It looks like you have to pass the "--no-dtls" option to openconnect, to disable DTLS entirely.
It'll still auth over SSL, and your VPN connection will work without DTLS.
I suspect they just haven't implemented DTLS on the devnet side, and the rest is 'less than ideal messaging' in the client.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide