Anyconnect loses connectivity to outlook and web browsing randomly

tomrogers793 · ‎06-27-2023

Hi All,

Im having an issue with cisco Anyconnect that is increasingly causing an issue. I have a Cisco Firepower managed by FDM with an identity source of our on prem AD server. the identity policy is set to produce a captive portal when the browser opens.

what were seeing is that random users at random intervals will lose connectivity to outlook and web browsing and network shares, despite the anyconnect client saying its connected. This will last for 10-15 mins and often the users will need to disconnect and reconnect to the anyconnect client.

Ive cleared connections, failed over to standby device, force logged off users from cli and rebooted the devices and still seeing users experiencing the same issue

Anyone had this before?

Aref Alsouqi · ‎06-27-2023

What version is running on the FDM? it does seem the FDM loses the user-IP mapping. When this issue happens, could you please run the script "user_map_query.pl -u < an affected username >" and see if you see the IP of that user in the database table? this script should be run from expert mode. Another useful command for troubleshooting in this case would be "system support identity-debug", this can be run from the clish mode.

tomrogers793 · ‎06-27-2023

Thanks, ill give it a go next time it happens. Currently on version 7.0.4-55. is there currently any support for it losing the user-IP mapping that youre aware of?

Aref Alsouqi · ‎06-27-2023

Not really sure, but you can take a look at the bug search tool and see if there is any reported bug that would match the behaviour you are seeing:

http://tools.cisco.com/bugsearch/

MHM Cisco World · ‎06-27-2023

you have FW HA active/standby and the web browser is not work fine ?
check the http replication between two FW.