I had a client reach out to me yesterday that they couldn't connect using Anyconnect anymore. Only a few users use it and IPSec VPN still works fine, so it wasn't an emergency. I checked it out for myself and after you enter your credentials, you get the following errors:
The VPN client failed to establish a connection.
Followed by:
Anyconnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
I checked out the Anyconnect conifguration and it looked fine. Just to be safe, I deleted and recreated the Anyconnect profile, but to no avail. I did a debug anyconnect 255 and only got the following output:
Not calling vpn_remove_uauth: not IPv4!
webvpn_svc_np_tear_down: no ACL
webvpn_svc_np_tear_down: no IPv6 ACL
The one other part I checked with the real time log viewer in ASDM. It showed the connection being built and then torn down with a TCP RESET-I. This seems a bit odd as well.
I looked around to see if the debug output would point me in the right direction. The only thing I found had to do with assigning IP addresses to the VPN client. The clients are getting IP addresses from a local IP pool on the ASA.
Any ideas would be appreciated.
TIA,
Dan