Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1217
Views
0
Helpful
9
Replies

Anyconnect VPN is working when the Secondary is the Active FW then Anyconnect VPN is not working when the Primary ASA is Active.

vrian_colaba
Level 1
Level 1

‎07-11-2017 12:41 AM - edited ‎02-21-2020 06:12 AM

Just wanted to seek help on my issue.

Anyconnect VPN is working when the Secondary is the Active FW then Anyconnect VPN is not working when the Primary ASA is Active.

Thank you.

vrian

0 Helpful
9 Replies 9

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-11-2017 02:03 AM

Check to make sure there is an AnyConnect client image (and profile if you are using one) on the disk of both units. You can easily check this by comparing the output from the following commands:

dir disk0:/
failover exec standby dir disk0:/
0 Helpful

vrian_colaba
Level 1
Level 1
In response to Marvin Rhoads

‎07-11-2017 02:05 AM

229 -rwx 23985144 20:14:12 Jul 07 2017 anyconnect-macosx-i386-4.3.01095-k9.pkg
230 -rwx 25162392 20:14:54 Jul 07 2017 anyconnect-win-4.3.01095-k9.pkg

8238202880 bytes total (2858024960 bytes free)

MBSIASA/pri/act#

225 -rwx 14601625 20:11:38 Jul 07 2017 anyconnect-linux-64-4.3.01095-k9.pkg
226 -rwx 23985144 20:11:54 Jul 07 2017 anyconnect-macosx-i386-4.3.01095-k9.pkg
227 -rwx 25162392 20:12:12 Jul 07 2017 anyconnect-win-4.3.01095-k9.pkg
246 -rwx 41846784 21:17:28 Jul 07 2017 asasfr-5500x-boot-6.2.0-2.img

8238202880 bytes total (2858135552 bytes free)

0 Helpful

vrian_colaba
Level 1
Level 1
In response to vrian_colaba

‎07-11-2017 02:06 AM

I have an anyconnect client image

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vrian_colaba

‎07-11-2017 02:12 AM

OK - that eliminates the most common problem. I'm guessing you truncated the output as you don't show a Linux image on the one unit.

What error do you get when it fails?

0 Helpful

vrian_colaba
Level 1
Level 1
In response to Marvin Rhoads

‎07-20-2017 11:47 PM

Still waiting to upgrade the ASA to 9.8.1.5 interim release

0 Helpful

vrian_colaba
Level 1
Level 1
In response to vrian_colaba

‎07-11-2017 02:28 AM

See attached file.

Preview file
58 KB
Preview file
54 KB
Preview file
59 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vrian_colaba

‎07-11-2017 03:20 AM

How is your active/standby setup? Do you have more than one outside/WAN link?

I ask because I see some errors about finding the next hop that lead me to think you might have some secondary ISP setup, perhaps without the necessary rules that you have on your other connection.

0 Helpful

vrian_colaba
Level 1
Level 1
In response to Marvin Rhoads

‎07-11-2017 08:08 PM

Yes there is some secondary ISP setup.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vrian_colaba

‎07-11-2017 09:25 PM

We'd need to see moire of the configuration to troubleshoot.

If you're able to attache a sanitized copy, we can review it.

If not, then a TAC case woud be in order.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card