
Anyconnect VPN not detecting proxy unless reconnecting

drumstyk1
Level 1

Hey all. I kind of have 2 problems that I'm not sure are related. Let me start out by saying that I am just an employee on a corp PC and have no access to the server config.

Obviously I have no trouble connecting to VPN normally, but I am currently in a location that uses a proxy to reach the internet. I can enter the proxy info into Internet Options and I am prompted for my credentials when I open Chrome. The internet then works fine. Upon trying to connect to VPN (AnyConnect 2.4.1012) it gives me "Connection attempt has failed (timeout)". The peculiar thing is that if I first connect to the internet without a proxy (Sprint aircard) and establish the VPN connection, then I can yank the aircard and plug back into the proxy connection, and AnyConnect will attempt to reconnect and then recognizes the proxy and prompts me for my proxy credentials as I would expect.

Although this workaround is tedious, it does seem to work consistently. But this leads me to my second issue. When I finally get connected through the proxy as mentioned above, I then cannot access any external internet sites. All of my company's sites work but everything else times out. Through some googlage, I have tried to disable "use default gateway" within my VPN adapter's advanced settings but it is not present. Is it possible this could be disabled by the admin? I have also tried to edit the AnyConnect profile XML to IgnoreProxy but that doesn't seem to change anything.

Additional Info:

Windows Vista 32-bit

Cisco AnyConnect VPN Client v 2.4.1012

RSA SecurID Token

Also, I don't know if it matters but within the LAN settings, there is an "Automatic Configuration Script" that is enabled, addressed, and grayed out.

I would really appreciate any ideas! Thanks in advance!

-Eric

2 Replies

ryanbevan
Level 1

Hi Eric,

Problem 1: In order for Cisco AnyConnect to work it needs external access to the internet. When you have an issue logging in, always confirm you have access to the internet; if so, AnyConnect should work.

Problem 2: The reason for this is because there is no split tunnel configured for your AnyConnect profile, which could be company policy. So what's happening is that when you connect with AnyConnect you are connecting back to the corporate network and only have access to required resources and no access to your local network. You could request that they allow you internet breakout once connected with AnyConnect, or request a split tunnel, which will allow you to connect back to the local network and browse the internet via the local proxy while connected with AnyConnect.

Hope this helps,

Ryan

Hi Ryan,

I appreciate the reply!

For problem 2 (no split tunneling) I think I must concede that this is a server side policy that I cannot change.

For problem 1 though, I am absolutely sure that I am properly connected to the internet before attempting to VPN. Here is a walkthrough of my process:

- set proxy server and port in Internet Options > Connections > LAN

- open Chrome

- Chrome prompts me for a username and password for the proxy (doesn't work in Internet Explorer 7)

- after entering credentials, I am able to browse the web

- launch AnyConnect as normal

- status goes from "contacting server.company.com" to "unable to process response from server.company.com"

- pop-up "Connection failure: Unknown"

I have tried the above procedure tons of times over the past few weeks to rule out network/server hiccups. I have tried removing the proxy settings from the Internet Options. I have even tried manually putting the proxy details in my profile XML. I have even asked the IT guy on location and he has no idea (although I don't think he cares enough to check if it's a firewall issue).

The only way I can get it to connect to VPN over this network is to first connect through tethering to my cell phone, connecting a Sprint aircard, or I suspect any other connection would work, and then swap the connections back to the LAN and it reconnects without an issue. Is this weird or is it just me??

Thanks again for any help!