I have a handful of remote IP phone users with phones configured for AnyConnect to bring up a vpn to an ASA device. All the phones are connecting without a problem except one. It seems to connected fine but then is keeps disconnecting. This is from the phone status messages:
| 11:22:40a Registration lost due to VPN failure |
| 11:22:55a No DNS Server IP |
| 11:22:55a Updating Trust List |
| 11:22:55a Trust List updated |
| 11:22:56a SEP68BC0C807BA9.cnf.xml.sgn (HTTP) |
| 11:22:56a VPN Info: Phone uses Certificate-only VPN authentication method. |
| 11:22:56a VPN Info: Auto-detection of network connection is enabled. |
| 11:23:58a Registration lost due to VPN failure |
| 11:23:59a Reason unspecified |
| 11:24:52a Registration lost due to VPN failure |
The ASA logs are showing this:
Dec 15 2011 16:02:21: %ASA-4-722051: Group <GroupPhoneWebvpn> User <CP-8961-SEP68bc0c807ba9> IP <96.237.50.25> Address <192.168.25.144> assigned to session
Dec 15 2011 16:02:21: %ASA-6-725001: Starting SSL handshake with client outside:96.237.50.25/24264 for DTLSv1 session.
Dec 15 2011 16:02:21: %ASA-6-725003: SSL client outside:96.237.50.25/24264 request to resume previous session.
Dec 15 2011 16:02:22: %ASA-6-725002: Device completed SSL handshake with client outside:96.237.50.25/24264
Dec 15 2011 16:02:22: %ASA-5-722032: Group <GroupPhoneWebvpn> User <CP-8961-SEP68bc0c807ba9> IP <96.237.50.25> New UDP SVC connection replacing old connection.
Dec 15 2011 16:02:22: %ASA-6-722022: Group <GroupPhoneWebvpn> User <CP-8961-SEP68bc0c807ba9> IP <96.237.50.25> UDP SVC connection established without compression
Dec 15 2011 16:02:22: %ASA-6-725007: SSL session with client outside:96.237.50.25/17011 terminated.
Dec 15 2011 16:02:22: %ASA-5-722028: Group <GroupPhoneWebvpn> User <CP-8961-SEP68bc0c807ba9> IP <96.237.50.25> Stale SVC connection closed.
Does this look like an issue with the config or the phone? Or, as I suspect, a network issue separate from the ASA?
Thanks!
