04-10-2010 01:56 PM - edited 02-21-2020 04:35 PM
I have tried to configure AnyConnect for SSL access on my ASA.
I can connect to the ASA, download the software, but each time I try to connect it fails. I see the client trying to connect but it says it cannot establish a connection!
I attach my config file. Any ideas what I should do?
The debug is as follows:-
10-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-716001: Group <VPNUsers> User <Mark> IP <80.177.219.168> WebVPN session started.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-716038: Group <VPNUsers> User <Mark> IP <80.177.219.168> Authentication: successful, Session Type: WebVPN.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1184 for outside:80.177.219.168/4940 (80.177.219.168/4940) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4940 for TLSv1 session.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4940 request to resume previous session.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4940
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725007: SSL session with client outside:80.177.219.168/4940 terminated.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-302014: Teardown TCP connection 1184 for outside:80.177.219.168/4940 to identity:217.37.175.6/443 duration 0:00:00 bytes 126 TCP Reset-I
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1185 for outside:80.177.219.168/4943 (80.177.219.168/4943) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4943 for TLSv1 session.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4943 request to resume previous session.
2010-04-10 21:23:01 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4943
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1186 for outside:80.177.219.168/4946 (80.177.219.168/4946) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4946 for TLSv1 session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4946 request to resume previous session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4946
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725007: SSL session with client outside:80.177.219.168/4946 terminated.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-302014: Teardown TCP connection 1186 for outside:80.177.219.168/4946 to identity:217.37.175.6/443 duration 0:00:00 bytes 126 TCP Reset-I
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1187 for outside:80.177.219.168/4949 (80.177.219.168/4949) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4949 for TLSv1 session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4949 request to resume previous session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4949
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1188 for outside:80.177.219.168/4952 (80.177.219.168/4952) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4952 for TLSv1 session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4952 request to resume previous session.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4952
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-725007: SSL session with client outside:80.177.219.168/4952 terminated.
2010-04-10 21:23:02 Local4.Info 200.0.0.100 %ASA-6-302014: Teardown TCP connection 1188 for outside:80.177.219.168/4952 to identity:217.37.175.6/443 duration 0:00:00 bytes 126 TCP Reset-I
2010-04-10 21:23:03 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1189 for outside:80.177.219.168/4955 (80.177.219.168/4955) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:03 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4955 for TLSv1 session.
2010-04-10 21:23:03 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4955 request to resume previous session.
2010-04-10 21:23:03 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4955
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-710005: TCP request discarded from 221.192.199.49/12200 to outside:217.37.175.6/8080
2010-04-10 21:23:04 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1190 for outside:80.177.219.168/4959 (80.177.219.168/4959) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:04 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4959 for TLSv1 session.
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725010: Device supports the following 4 cipher(s).
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[1] : RC4-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[2] : AES128-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[3] : AES256-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[4] : DES-CBC3-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725008: SSL client outside:80.177.219.168/4959 proposes the following 8 cipher(s).
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[1] : RC4-MD5
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[2] : RC4-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[4] : DES-CBC-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[5] : EXP-RC4-MD5
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[6] : EXP-RC2-CBC-MD5
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC-SHA
2010-04-10 21:23:04 Local4.Debug 200.0.0.100 %ASA-7-725012: Device chooses cipher : RC4-SHA for the SSL session with client outside:80.177.219.168/4959
2010-04-10 21:23:04 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4959
2010-04-10 21:23:05 Local4.Info 200.0.0.100 %ASA-6-725007: SSL session with client outside:80.177.219.168/4959 terminated.
2010-04-10 21:23:05 Local4.Info 200.0.0.100 %ASA-6-302014: Teardown TCP connection 1190 for outside:80.177.219.168/4959 to identity:217.37.175.6/443 duration 0:00:00 bytes 575 TCP Reset-I
2010-04-10 21:23:08 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1191 for outside:80.177.219.168/4962 (80.177.219.168/4962) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:08 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4962 for TLSv1 session.
2010-04-10 21:23:08 Local4.Info 200.0.0.100 %ASA-6-725003: SSL client outside:80.177.219.168/4962 request to resume previous session.
2010-04-10 21:23:08 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4962
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-302013: Built inbound TCP connection 1192 for outside:80.177.219.168/4966 (80.177.219.168/4966) to identity:217.37.175.6/443 (217.37.175.6/443)
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-725001: Starting SSL handshake with client outside:80.177.219.168/4966 for TLSv1 session.
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725010: Device supports the following 4 cipher(s).
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[1] : RC4-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[2] : AES128-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[3] : AES256-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[4] : DES-CBC3-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725008: SSL client outside:80.177.219.168/4966 proposes the following 6 cipher(s).
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[1] : AES256-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[2] : AES128-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[4] : RC4-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[5] : RC4-MD5
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725011: Cipher[6] : DES-CBC-SHA
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-725012: Device chooses cipher : RC4-SHA for the SSL session with client outside:80.177.219.168/4966
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-725002: Device completed SSL handshake with client outside:80.177.219.168/4966
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-737001: IPAA: Received message 'UTL_IP_[IKE_]ADDR_REQ'
2010-04-10 21:23:09 Local4.Notice 200.0.0.100 %ASA-5-737003: IPAA: DHCP configured, no viable servers found for tunnel-group 'Remoteaccess'
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-737026: IPAA: Client assigned 172.22.0.1 from local pool
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-737006: IPAA: Local pool request succeeded for tunnel-group 'Remoteaccess'
2010-04-10 21:23:09 Local4.Notice 200.0.0.100 %ASA-5-722033: Group <VPNUsers> User <Mark> IP <80.177.219.168> First TCP SVC connection established for SVC session.
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-722022: Group <VPNUsers> User <Mark> IP <80.177.219.168> TCP SVC connection established with compression
2010-04-10 21:23:09 Local4.Warning 200.0.0.100 %ASA-4-722051: Group <VPNUsers> User <Mark> IP <80.177.219.168> Address <172.22.0.1> assigned to session
2010-04-10 21:23:09 Local4.Notice 200.0.0.100 %ASA-5-722010: Group <VPNUsers> User <Mark> IP <80.177.219.168> SVC Message: 16/ERROR: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.)..
2010-04-10 21:23:09 Local4.Notice 200.0.0.100 %ASA-5-722037: Group <VPNUsers> User <Mark> IP <80.177.219.168> SVC closing connection: User Requested.
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-716002: Group <VPNUsers> User <Mark> IP <80.177.219.168> WebVPN session terminated: User Requested.
2010-04-10 21:23:09 Local4.Warning 200.0.0.100 %ASA-4-113019: Group = Remoteaccess, Username = Mark, IP = 80.177.219.168, Session disconnected. Session Type: SSL, Duration: 0h:00m:09s, Bytes xmt: 11890, Bytes rcv: 3131, Reason: User Requested
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-737016: IPAA: Freeing local pool address 172.22.0.1
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-722023: Group <VPNUsers> User <Mark> IP <80.177.219.168> TCP SVC connection terminated with compression
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-722029: Group <VPNUsers> User <Mark> IP <80.177.219.168> SVC Session Termination: Conns: 1, DPD Conns: 0, Comp resets: 0, Dcmp resets: 0.
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-722030: Group <VPNUsers> User <Mark> IP <80.177.219.168> SVC Session Termination: In: 0 (+120) bytes, 0 (+1) packets, 0 drops.
2010-04-10 21:23:09 Local4.Debug 200.0.0.100 %ASA-7-722031: Group <VPNUsers> User <Mark> IP <80.177.219.168> SVC Session Termination: Out: 761 (+23) bytes, 1 (+1) packets, 0 drops.
2010-04-10 21:23:09 Local4.Info 200.0.0.100 %ASA-6-725007: SSL session with client outside:80.177.219.168/4966 terminated.
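An added example, not part of the original thread: one way to triage a capture like the one above is to group the ASA messages by client socket and pull out the client-reported error (722010) and the final disconnect reason (113019). The sample lines are constructed in the same format as the posted log, with documentation-range addresses and a made-up username; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the syslog posted above (documentation-range addresses).
SAMPLE = """\
2010-04-10 21:23:04 Local4.Info 192.0.2.1 %ASA-6-725001: Starting SSL handshake with client outside:198.51.100.7/4959 for TLSv1 session.
2010-04-10 21:23:04 Local4.Info 192.0.2.1 %ASA-6-725002: Device completed SSL handshake with client outside:198.51.100.7/4959
2010-04-10 21:23:05 Local4.Info 192.0.2.1 %ASA-6-302014: Teardown TCP connection 1190 for outside:198.51.100.7/4959 to identity:203.0.113.6/443 duration 0:00:00 bytes 575 TCP Reset-I
2010-04-10 21:23:09 Local4.Info 192.0.2.1 %ASA-6-725001: Starting SSL handshake with client outside:198.51.100.7/4966 for TLSv1 session.
2010-04-10 21:23:09 Local4.Info 192.0.2.1 %ASA-6-725002: Device completed SSL handshake with client outside:198.51.100.7/4966
2010-04-10 21:23:09 Local4.Notice 192.0.2.1 %ASA-5-722010: Group <VPNUsers> User <alice> IP <198.51.100.7> SVC Message: 16/ERROR: Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.)..
2010-04-10 21:23:09 Local4.Warning 192.0.2.1 %ASA-4-113019: Group = Remoteaccess, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 0h:00m:09s, Bytes xmt: 11890, Bytes rcv: 3131, Reason: User Requested
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
PEER = re.compile(r"outside:(\d{1,3}(?:\.\d{1,3}){3}/\d+)")
TEARDOWN = re.compile(r"bytes \d+ (.+)$")

def triage(text):
    """Group TLS/TCP events per client socket and collect client-reported errors."""
    conns = defaultdict(dict)
    report = {"client_errors": [], "disconnect_reasons": []}
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg_id, body = m.groups()
        peer = PEER.search(body)
        if msg_id == "725002" and peer:       # ASA side of the handshake finished
            conns[peer.group(1)]["handshake_done"] = True
        elif msg_id == "302014" and peer:     # TCP teardown, keep the stated reason
            t = TEARDOWN.search(body)
            conns[peer.group(1)]["teardown"] = t.group(1) if t else "unknown"
        elif msg_id == "722010":              # message text issued by the SVC client
            report["client_errors"].append(body.split("SVC Message: ", 1)[-1])
        elif msg_id == "113019":              # final session disconnect reason
            report["disconnect_reasons"].append(body.rsplit("Reason: ", 1)[-1])
    # Sockets where the ASA logged a completed handshake and then a reset teardown
    report["reset_after_handshake"] = sorted(
        p for p, c in conns.items()
        if c.get("handshake_done") and "Reset" in c.get("teardown", ""))
    report["handshakes_completed"] = sum(1 for c in conns.values() if c.get("handshake_done"))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A report showing completed handshakes alongside a 722010 client error and a "User Requested" disconnect indicates the ASA accepted the session and the client side ended it, which narrows the search to the endpoint.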
04-10-2010 03:00 PM
Sorted!!
It was Kaspersky Anti Virus running on my PC - not too sure what I need to disable but by turning off protection on a temporary basis it worked!
05-24-2012 05:23 PM
I know this topic is really old. However, we have the same problem with Kaspersky. There are two ways to make it work after a fresh install.
1) You can reboot the computer. It will connect fine after that.
2) Disable Kaspersky, connect to the VPN. Disconnect from the VPN, reenable Kaspersky. It will always connect after that.