I posted this a year or two ago but got no hits. Hoping there's finally a solution.
Client logs in with Anyconnect, gets an ip address, successfully connects with no problem. Everything works...
...until the user clicks "Disconnect". If he immediately tries to log in again he gets this error:
"The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires reauthentication. The following message was received from the secure gateway: No assigned address."
The amount of time he has to wait until the error goes away and he can log in again is exactly equal to the idle timeout setting in the Group Profile.
Looking on the ASA under Monitoring -> VPN Statistics -> Sessions -> All Remote Access, the session remains there until the idle timeout expires, at which point it goes away and the client is able to log in again.
On the same screen above, if I manually disconnect the client, he's able to log in again immediately.
If I go to the radius server and assign him a different IP address, he's able to log in again and will show up in the above session table with two entries, one for each IP address. This behaviour only seems to happen when a user is handed the same IP address from the radius server, e.g. if he's assigned a static IP, or if he's given the same dynamic IP address.
Tried Anyconnect client versions 3.0.11042, 3.1.13015, and 4.2.01022.
Tried on an ASA5505 with ASA version 8.2.5, also on an ASA5506X with ASA version 9.5.2.
Why doesn't the entry simply go away when he clicks "disconnect"? Is there a way to force it to disconnect in the session table? Very frustrating!
I was running into the same issue and didn't see a solution, so I hope this helps someone else.
With the assumption that you have a single address assigned to the user, edit the group profile and set simultaneous logins to 1. When the user logs back in, it will force the disconnected session out and the new session will be allowed to have the assigned address again.
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the SecureX regio...
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the Secur...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...