04-18-2015 11:40 AM - edited 02-21-2020 08:11 PM
Hi.
I have the problem with Anyconnect on 2911.
Every time after push button "connect" in the Anyconnect client (Windows, Mac OS or Apple iOS) I have delay 30 sec before prompt login.
Please help.
Best regards, Artem Evseenkov
Debug:
Apr 18 18:33:42: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXX:57656
Apr 18 18:33:42.112: WV: sslvpn process rcvd context queue event
Apr 18 18:33:42.112: WV: sslvpn process rcvd context queue event
Apr 18 18:33:42.140: WV: sslvpn process rcvd context queue event
Apr 18 18:33:42.140: WV: Entering APPL with Context: 0x24563B58,
Data buffer(buffer: 0x2459E3B8, data: 0xF7382D8, len: 898,
offset: 0, domain: 0)
Apr 18 18:33:42.140: WV: http request: / with no cookie
Apr 18 18:33:42.140: WV: validated_tp : cert_username : matched_ctx :
Apr 18 18:33:42.140: WV: failed to get sslvpn appinfo from opssl
Apr 18 18:33:42.140: WV: Client side Chunk data written..
buffer=0x2459E198 total_len=208 bytes=208 tcb=0x25996EB8
Apr 18 18:33:42.140: WV: sslvpn process rcvd context queue event
Apr 18 18:34:12: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXXX:57662
Apr 18 18:34:12.440: WV: sslvpn process rcvd context queue event
Apr 18 18:34:12.500: WV: sslvpn process rcvd context queue event
Apr 18 18:34:12.736: WV: sslvpn process rcvd context queue event
Apr 18 18:34:12.736: WV: Entering APPL with Context: 0x24563B58,
Data buffer(buffer: 0x2459E3B8, data: 0xF5C68D8, len: 283,
offset: 0, domain: 0)
Apr 18 18:34:12.736: WV: http request: /webvpn.html with domain cookie
Apr 18 18:34:12.736: WV: validated_tp : cert_username : matched_ctx :
Apr 18 18:34:12.736: WV: failed to get sslvpn appinfo from opssl
Apr 18 18:34:12.736: WV: Client side Chunk data written..
buffer=0x2459E198 total_len=740 bytes=740 tcb=0x39D5AC54
Apr 18 18:34:12.736: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.112: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.148: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.384: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.384: WV: Entering APPL with Context: 0x24563DB8,
Data buffer(buffer: 0x2459E3B8, data: 0xF41BDD8, len: 372,
offset: 0, domain: 0)
Apr 18 18:34:19.384: WV: http request: /webvpn.html with domain cookie
Apr 18 18:34:19.384: WV: validated_tp : cert_username : matched_ctx :
Apr 18 18:34:19.384: WV: ASYNC req sent
Apr 18 18:34:19.516: WV: Client side Chunk data written..
buffer=0x2459E3B8 total_len=555 bytes=555 tcb=0x2593EB14
Apr 18 18:34:19.516: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.580: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.580: SSLVPN-SOCK: Mark the TCB: 0x2593EB14 and CTXT: 0x24563DB8 to point to
SSLVPN_SOCKET APP SOCKET: 0x213EAA20
Config:
webvpn gateway ANYCONNECT
hostname anyconnect.XXXX
ip address XXXX port 443
ssl encryption rc4-md5
ssl trustpoint SSL
logging enable
inservice
!
webvpn context ANYCONNECT
virtual-template 1
aaa authentication list ANYCONNECT
gateway ANYCONNECT
!
ssl authenticate verify all
inservice
!
policy group ANYCONNECT
functions svc-enabled
functions svc-required
svc address-pool "ANYCONNECT" netmask 255.255.255.0
svc default-domain "XXX"
svc homepage "http://XXX/Citrix/CTXWeb/"
svc split dns "XXX"
svc split include 192.168.XXX
svc split include 192.168.XXX
svc dns-server primary 192.168.XXX
svc dns-server secondary 192.168.XXX
citrix enabled
!
policy group LIMITED
functions svc-enabled
functions svc-required
svc address-pool "ANYCONNECT" netmask 255.255.255.255
svc default-domain "XXX"
svc homepage "http://XXX/Citrix/CTXWeb/"
svc split dns "XXX"
svc split include 192.168.XXX
default-group-policy LIMITED
!
end
04-22-2015 04:09 PM
Artem,
While I can definitely see the problem if the debugs you've collected so far, your best bet may be to open a TAC case. Assuming you're on the latest version of AnyConnect and a newer version of IOS code (recent 152 or 153), the only way to troubleshoot this further would be to collect a few more iterations of various debugs. Off the top of my head, you're probably want to gather additional detailed webvpn and tcp debugs. You may want to do a packet capture to see if there are any packets being exchanged between the router and client during this delay.
HTH,
Frank
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide