cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7219
Views
0
Helpful
45
Replies

anyconnect client profile configuration

DAK007
Level 1
Level 1

I All,

 

i have a problem to configure my any-connect vpn remote access. there is my router when i try it show connection attempt has timed out please verify internet connectivity. I'm able to ping my outside interface from outside

Cisco router 1001-X show run is in the attached file

 

URGENT please !

 

45 Replies 45

can you show me how to do packet capture ? i will do and send it back to you please

ip access-list extended CAP_ACL
permit ip any host 2.2.2.10

monitor capture CAP interface gig 2 both
monitor capture CAP access-list CAP_ACL
monitor capture CAP start
show monitor capture CAP buffer
! confirm the monitor capture is working from the output of the previous command, if it is proceed

monitor capture CAP stop
monitor capture CAP export tftp://192.168.10.100/flexvpn-radius.pcap
no monitor capture CAP

HTH

this is the file .

 

i have uploaded in .txt because the .pcap extension cannot be uploaded

So your laptop (hp i'm guessing) was x.x.x.165 and the router was x.x.x.162 is that correct?

I can see traffic intiated from x.x.x.165 to x.x.x.162 dst port 500, but in the reply from the router the source port is now port 512, that's not correct it should be 500. Is there anything inline or infront of the router that could change the port?

no router I'm connected directly to the router asr port let me do another packet capture.
it is so painful .
give me 5 mn i send you back new packet capture

i took this just now

yes I have a HP.
what can we do to solve this problem?
many days I don't sleep trying to solve this

That packet capture revealed the same as the previous capture. Can you connect from an external internet connection, not a separate interface on the router, as this maybe misleading. Run another packet capture and upload.

sorry for the delay this is the file waiting for you answer

The client computer is attempting to connect to the router on some random ports (tcp/545 tcp/549) that I wouldn't expect to be used for a VPN.

What else is the router used for?
Is the client configured to communicate for the router for anything other than the VPN?

Can you upload your anyconnect xml profile please?

in fact this is a new project and we want all users to connect from everywhere with anyconnect . for now I'm the only one connected to the router we need to finish the vpn connection and the then allow other users.

 

the profile is joined

any news

I've compared you packet capture to mine, similar configuration.


As I mentioned before your client attempts to establish a connection to the router DST port 500 with a "IKE_SA_INIT MID== Initiator Request" packet, the next packet the router responds from a SRC port of 512.

On my router. In my packet capture the client communicates with the router DST port 500 with a "IKE_SA_INIT MID== Initiator Request" packet router responds correctly on SRC port 500 with a "IKE_SA_INIT MID== Responder Response". This is what I'd expect, but you don't appear to be getting this.

Can you run a packet capture on your windows laptop and send that please

What IOS version are you running?
What AnyConnect version are you running?

i have anyconnect-win-4.6.02074-predeploy-k9.
i run windows 10 on the laptop

how to rune packet capture on windows

What is the exact version of IOS are you running on the router? 16.6.???

Download and Install wireshark, select the interface to capture traffic on (either wifi or wireless, depending on how you are connecting) then capture. Save the file and upload.