Unable to connect with Cisco AnyConnect to access Sandbox

cc10 · ‎03-02-2020

Hello, I am trying to start a learning lab using a devnet sandbox. I am unable to connect to the VPN provided by email. I get an error that says "Connection attempt has timed out. Please verify Internet connectivity. I have checked to ensure that my firewall settings are not preventing the VPN access. I am also unable to ping VPN server. Thank you for any assistance you can provide.

bigevilbeard · ‎03-03-2020

The VPN headend might not reply to ping for security reasons, can you run a traceroute and see if you are exiting your network/provider network. The port range will be anywhere from TCP 20100 through TCP 20354. Give that a try and you should be good to go. If that's not working, keep in mind VPNs also use TLS (TCP 443) and DTLS (UDP 443). Though typically these are open in most organizations.

Thanks!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

cc10 · ‎03-03-2020

Tracert shows traffic exiting our system, but it times out when it hits cisco.com.

bigevilbeard · ‎03-03-2020

Thanks, did you check the ports mentioned are open?

Thanks!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

cc10 · ‎03-03-2020

Those ports are open on my end. I ran tcptraceroute to the VPN hostname and port provided, and it looks like it's being blocked on Cisco's end. Same for port 443.

bigevilbeard · ‎03-03-2020

That sounds very odd, not heard of this before. I would recommend tearing down this sandbox and reserving a new one. Which sandbox is this please, i will ask the ENG team to also look and try and reserve one from this side.

Thanks!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

cc10 · ‎03-03-2020

I have tried two sandboxes with the same result. Do you want the lab network address?

bigevilbeard · ‎03-03-2020

If you can share which sandbox you are using (the name from the catalogue) i will take one and check if this happens for me also.

Thanks!

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

cc10 · ‎03-03-2020

It's the IOx v1.7 Lab Sandbox. Thanks!

bigevilbeard · ‎03-03-2020

Sadly I could not replicate this when i reserved this sandbox to GW devnetsandbox-us-sjc.cisco.com:20132 i can connect the VPN ok and get to the Fog Director via HTTP/ping etc..

(venv) STUACLAR-M-R6EU:~ stuaclar$ ping 10.10.20.50
PING 10.10.20.50 (10.10.20.50): 56 data bytes
64 bytes from 10.10.20.50: icmp_seq=0 ttl=63 time=183.609 ms
64 bytes from 10.10.20.50: icmp_seq=1 ttl=63 time=186.381 ms
^C
--- 10.10.20.50 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 183.609/184.995/186.381/1.386 ms

I checked with the ENG team and there are no known issues at this time with this or other sandbox's. The only thing at stage i can think of that i have seen in the past are proxy settings https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-vpn.html - it also might be worth trying to reserve another sandbox and see if this happen here also.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io