
Anyconnect 4.7 management tunnel vpn issue?

osiega001
Level 1

Got the certificate connection working. Tunnel is connected but drops immediately with this message.

__________________________________________________________________________________

Function: CCvcConfig::validateMgmtTunParameters
File: vpnconfig.cpp
Line: 3641
Block-all IPv6 is not supported for management tunnel

Function: CCvcConfig::setConfig
File: vpnconfig.cpp
Line: 1736
Invoked Function: CCvcConfig::validateMgmtTunParameters
Return Code: -33095617 (0xFE07003F)
Description: CVCCONFIG_ERROR_INVALID_MGMT_TUN_CONFIG

Termination reason code 1:
Configuration received from secure gateway was invalid.

__________________________________________________________________________________

 

Checking my ASA config and can't see things that could be related.

What to check?

 

 

1 Accepted Solution


Finally got it working!

RemoteDesktopManager64_NCpnCfv48a.png

Was required. Probably because I'm not doing anything with IPv6.

(also in the manual on page 126, last lines)

 


Hi,

The AC 4.7 management tunnel requires a machine certificate, is that the certificate you have or were you referring to a user certificate?

 

I'm using machine certs.
Anyconnect log says it found 1 valid cert and using it.

 

 

Have you created a Tunnel Group and Profile for the Management Tunnel?

More information here from page 125

Yes, this is how I got started :)
I simply cannot find anything that is IPv6 related / blocked in the tunnel group / profile


 

Thank you osiega001. We were having the same issue with FTD 7.0, and we couldn't figure it out for weeks. Cisco TAC pointed out there is a bug with the management tunnel not working with IPv6 disabled. After searching the Internet and seeing your resolution, I enabled the "Client Bypass Protocol" in the management tunnel group policy. The management tunnel is magically connected now!

Barrett Cowan
Level 1

I'm not sure what exactly you're trying to accomplish, but check out my guide. A lot of good info there. You may be interested in how the Client Bypass Protocol setting works.

 

https://technook.home.blog/2019/07/11/cisco-anyconnect-managent-vpn-tunnel-microsoft-ca/

 