cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
429
Views
0
Helpful
1
Replies
Highlighted
Contributor

Anyconnect 3.1 connectivity issues

I had a client reach out to me yesterday that they couldn't connect using Anyconnect anymore.  Only a few users use it and IPSec VPN still works fine, so it wasn't an emergency.  I checked it out for myself and after you enter your credentials, you get the following errors:

The VPN client failed to establish a connection.

Followed by:

Anyconnect was not able to establish a connection to the specified secure gateway.  Please try connecting again.

I checked out the Anyconnect conifguration and it looked fine.  Just to be safe, I deleted and recreated the Anyconnect profile, but to no avail.  I did a debug anyconnect 255 and only got the following output:

Not calling vpn_remove_uauth: not IPv4!

webvpn_svc_np_tear_down: no ACL

webvpn_svc_np_tear_down: no IPv6 ACL

The one other part I checked with the real time log viewer in ASDM.  It showed the connection being built and then torn down with a TCP RESET-I.  This seems a bit odd as well. 

I looked around to see if the debug output would point me in the right direction.  The only thing I found had to do with assigning IP addresses to the VPN client.  The clients are getting IP addresses from a local IP pool on the ASA.

Any ideas would be appreciated.

TIA,

Dan

1 REPLY 1
Highlighted
Cisco Employee

Hi Dan,

What did you find about the address assignment? Failure to assign an address would certainly be a possible cause.

In any case, the following debugs might be useful:

debug aaa authen

debug aaa author

debug aaa common 255

debug dap trace

if e.g. radius or ldap are used:

debug radius decode

debug ldap

"show vpn-sessiondb" can be useful to check if you have many stale connections (which could eat up licenses for example).

hth

Herbert

Content for Community-Ad