tricky thing anyconnect not stable

ronald.su · ‎10-14-2020

hello,

tricky thing, we using ASA and anyconnect for the remote user access. but lots of users report anyconnect will disconnect and reconnect at the first beginnging, it will happen 1 times and then will become stable. won't disconnect again.

I test lots of times, everytime I connected, and it will disconnect and reconnect 1 minute and 3 seconds, after that , it will become stable , won't disconnect again, no matter how long I connected.

and we got 2 ASA,

ASA1 is ASA5515-X 9.12(4) located at Hongkong

ASA2 is ASA5515-X 9.1(2) located at Singapore

some user using Anyconnect 3.1 , some is 4.8

no matter what anyconnect client version and no matter which ASA connect to , everytime! it will reconnect after 63 second, no more and no less.

the client log :

10/15/2020
2:22:15 PM Ready to connect.
2:22:20 PM Contacting ASA1.mydomain.com.
2:22:25 PM User credentials entered.
2:22:30 PM User credentials entered.
2:22:30 PM Establishing VPN session...
2:22:31 PM The AnyConnect Downloader is performing update checks...
2:22:31 PM Checking for profile updates...
2:22:31 PM Checking for customization updates...
2:22:31 PM Performing any required updates...
2:22:31 PM The AnyConnect Downloader updates have been completed.
2:22:31 PM Establishing VPN - Initiating connection...
2:22:31 PM Establishing VPN session...
2:22:31 PM Establishing VPN - Examining system...
2:22:31 PM Establishing VPN - Activating VPN adapter...
2:22:32 PM Establishing VPN - Configuring system...
2:22:32 PM Establishing VPN...
2:22:32 PM Connected to ASA1.mydomain.com.
2:23:35 PM Reconnecting to ASA1.mydomain.com...
2:23:35 PM Establishing VPN - Examining system...
2:23:41 PM Establishing VPN - Activating VPN adapter...
2:23:42 PM Establishing VPN - Configuring system...
2:23:42 PM Establishing VPN...
2:23:42 PM Connected to ASA1.mydomain.com.
2:23:42 PM Reconnecting to ASA1.mydomain.com...
2:23:42 PM Establishing VPN - Examining system...
2:23:42 PM Establishing VPN - Activating VPN adapter...
2:23:42 PM Establishing VPN - Configuring system...
2:23:42 PM Establishing VPN...
2:23:42 PM Connected to ASA1.mydomain.com.

10/15/2020
2:38:17 PM Contacting ASA2.mydomain.com.
2:38:29 PM User credentials entered.
2:38:29 PM Establishing VPN session...
2:38:30 PM The AnyConnect Downloader is performing update checks...
2:38:30 PM Checking for profile updates...
2:38:30 PM Checking for customization updates...
2:38:30 PM Performing any required updates...
2:38:30 PM The AnyConnect Downloader updates have been completed.
2:38:30 PM Establishing VPN - Initiating connection...
2:38:30 PM Establishing VPN session...
2:38:32 PM Establishing VPN - Examining system...
2:38:32 PM Establishing VPN - Activating VPN adapter...
2:38:32 PM Establishing VPN - Configuring system...
2:38:33 PM Establishing VPN...
2:38:33 PM Connected to ASA2.mydomain.com.
2:39:36 PM Reconnecting to ASA2.mydomain.com...
2:39:36 PM Establishing VPN - Examining system...
2:39:42 PM Establishing VPN - Activating VPN adapter...
2:39:43 PM Establishing VPN - Configuring system...
2:39:43 PM Establishing VPN...
2:39:43 PM Connected to ASA2.mydomain.com.
2:39:44 PM Reconnecting to ASA2.mydomain.com...
2:39:44 PM Establishing VPN - Examining system...
2:39:44 PM Establishing VPN - Activating VPN adapter...
2:39:44 PM Establishing VPN - Configuring system...
2:39:44 PM Establishing VPN...
2:39:44 PM Connected to ASA2.mydomain.com.

tricky thing anyconnect not stable

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)