02-16-2022 11:21 AM
Hi,
i am running anyconnect 4.8 on WM win11 but crash on that with message : anyconnect was not able to esthablish a connection...
(all FW, AV, all off, clean windows installation)
7:59:23 PM User credentials entered.
7:59:23 PM Please respond to banner.
7:59:24 PM User accepted banner.
7:59:24 PM Establishing VPN session...
7:59:24 PM The AnyConnect Downloader is performing update checks...
7:59:24 PM Checking for profile updates...
7:59:24 PM Checking for customization updates...
7:59:24 PM Performing any required updates...
7:59:24 PM The AnyConnect Downloader updates have been completed.
7:59:25 PM Establishing VPN - Initiating connection...
7:59:25 PM Establishing VPN session...
7:59:25 PM Establishing VPN - Examining system...
7:59:25 PM Establishing VPN - Activating VPN adapter...
7:59:25 PM Establishing VPN - Attempting to repair VPN adapter...
7:59:25 PM Connection attempt has failed.
7:59:25 PM VPN session ended.
any suggestion?
02-16-2022 12:11 PM
Hi,
Do you have access to ASDM to grab the logs?
HTH
02-16-2022 11:57 PM
Selecting cipher using DTLSv1.2
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Accept-Encoding: lzs'
Processing CSTL header line: 'X-DTLS-Accept-Encoding: lzs'
webvpn_cstp_parse_request_field()
...input: 'X-DTLS-Header-Pad-Length: 0'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Accept-Encoding: lzs,deflate'
Processing CSTP header line: 'X-CSTP-Accept-Encoding: lzs,deflate'
webvpn_cstp_parse_request_field()
...input: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
Processing CSTP header line: 'X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.'
cstp_util_address_ipv4_accept: address asigned: 172.29.10.83 -- here I obtain correct IP address
No subnetmask... calculating it
Class B Subnet
np_svc_create_session(0xB56A000, 0x00007f420e9b76c0, TRUE)
webvpn_svc_np_setup
SVC ACL Name: NULL
SVC ACL ID: -1
vpn_put_uauth success for ip 172.29.10.83!
No SVC ACL
Iphdr=20 base-mtu=1500 def-mtu=1500 conf-mtu=1406
tcp-mss = 1460
path-mtu = 1460(mss)
TLS Block size = 16, version = 0x303
mtu = 1460(path-mtu) - 0(opts) - 5(ssl) - 16(iv) = 1439
mod-mtu = 1439(mtu) & 0xfff0(complement) = 1424
tls-mtu = 1424(mod-mtu) - 8(cstp) - 48(mac) - 1(pad) = 1367
DTLS Block size = 16
mtu = 1500(base-mtu) - 20(ip) - 8(udp) - 13(dtlshdr) - 16(dtlsiv) = 1443
mod-mtu = 1443(mtu) & 0xfff0(complement) = 1440
dtls-mtu = 1440(mod-mtu) - 1(cdtp) - 48(mac) - 1(pad) = 1390
computed tls-mtu=1367 dtls-mtu=1390 conf-mtu=1406
DTLS enabled for intf=2 (outside)
tls-mtu=1367 dtls-mtu=1390
SVC: adding to sessmgmt
Sending X-CSTP-DNS: 10.115.152.83
Sending X-CSTP-DNS: 10.223.152.83
Sending X-CSTP-Split-Include msgs: for ACL - Split_Tunnel_E: Start -- here I obtain correct split ACL
Sending X-CSTP-Split-Include: 10.115.152.0/255.255.255.0
Sending X-CSTP-Split-Include: 10.10.0.0/255.255.254.0
Sending X-CSTP-Split-Include: 10.152.195.0/255.255.255.0
Sending X-CSTP-Split-Include: 10.223.152.0/255.255.255.0
Sending X-CSTP-Split-Include: 192.168.1.0/255.255.255.252
Sending X-CSTP-Split-Include: 172.29.20.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.29.30.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.29.40.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.29.50.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.29.60.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.29.70.0/255.255.255.0
Sending X-CSTP-Split-Include: 172.16.3.0/255.255.255.0
Sending X-CSTP-Split-Include: 10.115.153.0/255.255.255.0
Sending X-CSTP-Split-Include: 192.168.3.0/255.255.255.0
Sending X-CSTP-MTU: 1367
Sending X-DTLS-MTU: 1390
Sending X-DTLS12-CipherSuite: ECDHE-ECDSA-AES256-GCM-SHA384
Sending X-CSTP-FW-RULE msgs: Start
Sending X-CSTP-FW-RULE msgs: Done
Sending X-CSTP-Quarantine: false
Sending X-CSTP-Disable-Always-On-VPN: false
Sending X-CSTP-Client-Bypass-Protocol: false
SVC message: t/s=3/16: Unable to start VA, setup shared queue, or VA gave up on shared queue. -- VA problem here!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
np_svc_destroy_session(0xB56A000)
02-17-2022 01:28 AM
Hello,
I recall a previous post where somebody had a similar problem. It appears that Windows 11 requires Annyconnect 4.9, or better yet, 4.10.
02-17-2022 03:54 AM
I have already tried anyconnect-win-4.10.00093-core-vpn-predeploy-k9 and still have the same problem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide