Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1219
Views
0
Helpful
2
Replies

Anyconnect problems after failover / login window inactive

amir.glibic
Level 1
Level 1

‎07-03-2015 12:38 AM - edited ‎02-21-2020 08:19 PM

Hi,

this week we ran into a problem after a power outage. They have a VPN-Firewall Failover Cluster, which unfortunately had the profiles only on the active ASA. After the failover, some users tried to connect, but it wasn't possible. ASA deleted all the profile association commands under "webvpn", and after switching back to Main, the removed lines were replicated.

 

Nevertheless, I solved the problem by adding the associations back into the configuration and uploading the profiles also to the Standby ASA.

 

But now, some users are calling with a strange problem: If they try to connect via VPN, they get the popup for their credentials, but it's disabled (grey).

So they can't enter anything, and I get on ASA following messages:

Jul 03 2015 08:20:31: %ASA-5-750002: Local:10.210.2.9:500 Remote:91.13.39.74:57779 Username:Unknown IKEv2 Received a IKE_INIT_SA request
Jul 03 2015 08:22:31: %ASA-4-750003: Local:10.210.2.9:4500 Remote:91.13.39.74:57780 Username:Unknown IKEv2 Negotiation aborted due to ERROR: Failed to receive the AUTH msg before the timer expired

 

After some research, I found out that all of the affected users tried to connect via VPN during the outage of the main, so I assumed that their profile was deleted or "updated" to a irregular one... 

But our Servicedesk already replaced the profile manually to the current one, and also tried to reinstall AnyConnect completely, but nothing helped.

 

For me personally, it is working without any problem, and also for some other users that were not trying to connect during the outage.

 

Has anybody a hint, where or what to look for?

 

BR

Amir

 

 

Labels:
0 Helpful
2 Replies 2

Abaji Rawool
Level 3
Level 3

‎07-06-2015 12:34 AM

Hi,

You can install AnyConnect DART tool on the PC run it after the failed connection attempt and then open the created zip bundle and go through the "AnyConnect.txt" file or post it here

HTH

Abaji.


 

0 Helpful

amir.glibic
Level 1
Level 1

‎07-08-2015 06:45 AM

We have found the cause of the issue:

Some Windows Vista Updates were installed recently, which led to the issue. Unfortunately the updates were installed exactly on the day of the VPN-failover problems, so we were troubleshooting on the wrong side...

 

 

0 Helpful
Customers Also Viewed These Support Documents