
Anyconnect on 2911

skyflysky
Level 1

Hi.

I have a problem with AnyConnect on a 2911.

Every time after pushing the "connect" button in the AnyConnect client (Windows, Mac OS or Apple iOS), I have a 30-second delay before the login prompt.

Please help.

Best regards, Artem Evseenkov

 

Debug:

Apr 18 18:33:42: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXX:57656

Apr 18 18:33:42.112: WV: sslvpn process rcvd context queue event

Apr 18 18:33:42.112: WV: sslvpn process rcvd context queue event

Apr 18 18:33:42.140: WV: sslvpn process rcvd context queue event

Apr 18 18:33:42.140: WV: Entering APPL with Context: 0x24563B58, 

      Data buffer(buffer: 0x2459E3B8, data: 0xF7382D8, len: 898, 

      offset: 0, domain: 0)

Apr 18 18:33:42.140: WV: http request: / with no cookie

Apr 18 18:33:42.140: WV: validated_tp :  cert_username :  matched_ctx : 

Apr 18 18:33:42.140: WV: failed to get sslvpn appinfo from opssl

 

Apr 18 18:33:42.140: WV: Client side Chunk data written..

 buffer=0x2459E198 total_len=208 bytes=208 tcb=0x25996EB8

Apr 18 18:33:42.140: WV: sslvpn process rcvd context queue event

Apr 18 18:34:12: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXXX:57662

Apr 18 18:34:12.440: WV: sslvpn process rcvd context queue event

Apr 18 18:34:12.500: WV: sslvpn process rcvd context queue event

Apr 18 18:34:12.736: WV: sslvpn process rcvd context queue event

Apr 18 18:34:12.736: WV: Entering APPL with Context: 0x24563B58, 

      Data buffer(buffer: 0x2459E3B8, data: 0xF5C68D8, len: 283, 

      offset: 0, domain: 0)

Apr 18 18:34:12.736: WV: http request: /webvpn.html with domain cookie

Apr 18 18:34:12.736: WV: validated_tp :  cert_username :  matched_ctx : 

Apr 18 18:34:12.736: WV: failed to get sslvpn appinfo from opssl

 

Apr 18 18:34:12.736: WV: Client side Chunk data written..

 buffer=0x2459E198 total_len=740 bytes=740 tcb=0x39D5AC54

Apr 18 18:34:12.736: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.112: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.148: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.384: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.384: WV: Entering APPL with Context: 0x24563DB8, 

      Data buffer(buffer: 0x2459E3B8, data: 0xF41BDD8, len: 372, 

      offset: 0, domain: 0)

Apr 18 18:34:19.384: WV: http request: /webvpn.html with domain cookie

Apr 18 18:34:19.384: WV: validated_tp :  cert_username :  matched_ctx : 

Apr 18 18:34:19.384: WV: ASYNC req sent

Apr 18 18:34:19.516: WV: Client side Chunk data written..

 buffer=0x2459E3B8 total_len=555 bytes=555 tcb=0x2593EB14

Apr 18 18:34:19.516: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.580: WV: sslvpn process rcvd context queue event

Apr 18 18:34:19.580: SSLVPN-SOCK: Mark the TCB: 0x2593EB14 and CTXT: 0x24563DB8 to point to  

                SSLVPN_SOCKET APP SOCKET: 0x213EAA20

Config:

webvpn gateway ANYCONNECT

 hostname anyconnect.XXXX

 ip address XXXX port 443  

 ssl encryption rc4-md5

 ssl trustpoint SSL

 logging enable

 inservice

 !

webvpn context ANYCONNECT

 virtual-template 1

 aaa authentication list ANYCONNECT

 gateway ANYCONNECT

 !

 ssl authenticate verify all

 inservice

 !

 policy group ANYCONNECT

   functions svc-enabled

   functions svc-required

   svc address-pool "ANYCONNECT" netmask 255.255.255.0

   svc default-domain "XXX"

   svc homepage "http://XXX/Citrix/CTXWeb/"

   svc split dns "XXX"

   svc split include 192.168.XXX

   svc split include 192.168.XXX

   svc dns-server primary 192.168.XXX

   svc dns-server secondary 192.168.XXX

   citrix enabled

 !

 policy group LIMITED

   functions svc-enabled

   functions svc-required

   svc address-pool "ANYCONNECT" netmask 255.255.255.255

   svc default-domain "XXX"

   svc homepage "http://XXX/Citrix/CTXWeb/"

   svc split dns "XXX"

   svc split include 192.168.XXX

 default-group-policy LIMITED

!

end

1 Reply

Frank DeNofa
Cisco Employee

Artem,

 

While I can definitely see the problem in the debugs you've collected so far, your best bet may be to open a TAC case. Assuming you're on the latest version of AnyConnect and a newer version of IOS code (recent 152 or 153), the only way to troubleshoot this further would be to collect a few more iterations of various debugs. Off the top of my head, you'll probably want to gather additional detailed webvpn and tcp debugs. You may want to do a packet capture to see if there are any packets being exchanged between the router and client during this delay.

 

HTH,

Frank
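
Added example (not part of the original thread, and not code from either poster or from Cisco): a short Python script that parses IOS debug timestamps of the form shown in the post above and reports idle gaps between consecutive timestamped lines, which makes it easy to see where the 30-second delay sits when comparing several debug iterations. The function names, the 10-second default threshold and the placeholder year are assumptions; the sample is an excerpt of the debug output posted above.

```python
import re
from datetime import datetime

# Excerpt of the debug output posted in the thread (addresses were redacted there).
SAMPLE = """\
Apr 18 18:33:42: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXX:57656
Apr 18 18:33:42.140: WV: http request: / with no cookie
Apr 18 18:33:42.140: WV: Client side Chunk data written..
 buffer=0x2459E198 total_len=208 bytes=208 tcb=0x25996EB8
Apr 18 18:33:42.140: WV: sslvpn process rcvd context queue event
Apr 18 18:34:12: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: ANYCONNECT i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at XXXXXXXX:57662
Apr 18 18:34:12.736: WV: http request: /webvpn.html with domain cookie
Apr 18 18:34:12.736: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.112: WV: sslvpn process rcvd context queue event
Apr 18 18:34:19.384: WV: ASYNC req sent
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Optional leading '*' or '.' (IOS marks an unsynchronised clock that way),
# then "Mon DD HH:MM:SS[.mmm]: message". Syslog lines here carry no milliseconds.
TS = re.compile(r"^[*.]?([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})"
                r"(?:\.(\d{1,3}))?:\s*(.*)$")

def parse(text, year=2000):
    """Yield (datetime, message) per timestamped line; continuation lines are skipped.
    The log carries no year, so `year` is a placeholder (assumption)."""
    for line in text.splitlines():
        m = TS.match(line)
        if not m or m.group(1) not in MONTHS:
            continue
        mon, day, hh, mm, ss, frac, msg = m.groups()
        usec = int((frac or "0").ljust(3, "0")) * 1000
        yield datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss), usec), msg

def find_gaps(text, threshold=10.0):
    """Return (seconds, message before gap, message after gap) for gaps >= threshold."""
    gaps, prev = [], None
    for ts, msg in parse(text):
        if prev is not None:
            delta = (ts - prev[0]).total_seconds()
            if delta >= threshold:  # small negative deltas (mixed resolution) are ignored
                gaps.append((round(delta, 3), prev[1], msg))
        prev = (ts, msg)
    return gaps

if __name__ == "__main__":
    for secs, before, after in find_gaps(SAMPLE):
        print(f"{secs:.3f}s idle\n  before: {before}\n  after:  {after}")
```

On this excerpt the only gap above the threshold lies between the router's response to the cookieless request for `/` and the client's next SSL/TLS connection, which is the window a packet capture would need to cover.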