Re: Anyconnect Issue. Connection Timeout no internet Connection

SajeshB · ‎12-07-2020

Hii need help/suggestion in the below issue.

As our user are trying to connect a vpn using anyconnect it is showing Connection Timeout no internet Connection as users are connected with the LAN. we have firewall in between the user and the internet and we have tried open any any ACL on firewall then after user can able to access all the generic website but still not able to connect the VPN showing same error.

So when user have tried to connect the same VPN using his mobile hotspot WIFI, he is able to connect the same VPN.

Need your help as i having doubt on multiple areas here.

1) Users are in the LAN do we need to do any setting in anyconnect for this separately. I have tried with the preference setting (Check/Uncheck) in anyconnect still not working.

2)I have tried the same vpn on my laptop using my mobile hotspot it is not working showing no url found in the browser and in anyconnect it showing please mention correct hostname. And the user are having the laptop given by customer END is they have done any setting for this ?.

3)i was suspecting the issue with the ISP DNS, i have given to the user so i have tried changing it to the google dns as well as cisco umbrella dns vpn is not working and all the other website are working.

4)Checked with XML profile of anyconnect no host address is displaying.

5)So when users are trying to connect with Mobile hotspot successfully in CMD i have checked using ipconfig/all below the vpn IP the url which is showing is different then they are connecting. i have tried that url in anyconnect its showing DNS issue. EX users are connecting to abcd on anyconnect and in cmd below VPN provided ip its showing abc.xyz.customer.com

6)Is any IP whilisting need to be done on Customer end.

Georg Pauwen · ‎12-07-2020

Hello,

what are your AnyConnect clients connecting to, a router under your control ? What does your topology look like ?

SajeshB · ‎12-07-2020

The Vpn which users are trying to connect are not under my control. My topology is like host--->access switch--->distribution switch--->core switch---->firewall--->router<--->ISP.

I have tried connecting one of my laptop to the host port and tried to connect my managed vpn its working and other generic browsing im able to do and i can see all the traffic on my firewall toward my managed vpn.

But connecting to customer managed vpn with customer provided laptop its showing the connection timeout and no internet connection and i have tried to connect my managed vpn in this laptop showing the same error.

While using mobile hotspot both the Vpn are getting connected on customer provided laptop.

The above topology is managed by me but not the Vpn side also i dont know where the Vpn is hosted and Ips of the vpn only the url i i know which they are trying to connect

Georg Pauwen · ‎12-07-2020

Hello,

--> host--->access switch--->distribution switch--->core switch---->firewall--->router<--->ISP.

It would be interesting to know which device in the path above possibly causes the problem. A good approach would be to connect a laptop directly to the router (not sure if that is possible), and if it works, then you know that one of the downstream devices is the culprit. You then would have to work your way down and connect the laptop to the next device, until you find the 'problem' device.

SajeshB · ‎12-07-2020

Yes i i can do this as well but if you can see from my laptop i can connect my managed RAVPN hosted on the internet using anyconnect on the same host port.

I was suspecting an issue with the system or in anyconnet setting in customer laptop or need to whitelist my Public Ip on the customer end.becuase if internet was an issue i wont be able to browse anything on the customer laptop but i can access everything just this anyconnet is showing an error.

Moreover i cannot resolve the url they are trying to connect in any of my laptop/devices its only working on their laptop using mobile hotspot or over the WIFI.

I will troubleshoot this as well connecting a laptop to the upstream devices.