Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5434
Views
0
Helpful
3
Replies

Anyconnect randomly opens

Michael Lydon
Level 1
Level 1

‎10-24-2013 06:53 AM - edited ‎02-21-2020 07:16 PM

Just implemented an ASA5515 with Anyconnect version 3.1.04066 for VPN use.  I'm noticing that when Anyconnect is installed on our laptops...when users are in the building, not VPN'd in, it randomly pops up in the lower right corner with the "Web Authentication Required/You may need to use a browser to gain access" message.  We don't have it set to autoconnect...so I don't understand why it pops up like that. 

I'm pretty much a WAN/VPN newbie but what I did notice is when the Anyconnect pops up, our web monitoring is showing that the client is trying to access the WAN IP of the ASA device which internally we can't do (verizon controls our router so I don't know why or if this is normal but it's never been an issue) so I'm assuming not getting a reply from the ASA is why it keeps popping up.   Is there a way to stop this polling from the Anyconnect client?  

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-24-2013 07:24 AM

Michael,

Do you have TND/Always On configured? Maybe NAM module?

There's a few different reasons it could be popping up. Normally it would NOT try to connect on it's own, but it WILL depend on settings.

A very efficent way of troubleshooting this would be to gether DART bundle from machine which just tried to connect.

You can go through the anyconnect.txt log (at least to start with) on your own or open a TAC case and have the VPN folk go over it and tell you what happened.

M.

0 Helpful

Michael Lydon
Level 1
Level 1
In response to Marcin Latosiewicz

‎10-24-2013 07:49 AM

Thanks for the reply.   TND and NAM are not configured.   I gathered the DART information and did come up with a 401 error accessing the external IP of our ASA.  So is seems like this captive portal detection is testing the connection.  

******************************************

Date        : 10/24/2013
Time        : 09:30:23
Type        : Information
Source      : acvpnagent

Description : Function: CNetEnvironment::TestNetEnv
File: .\NetEnvironment.cpp
Line: 370
Captive portal detected. Retesting connectivity to the secure gateway in 10 seconds.


******************************************

Date        : 10/24/2013
Time        : 09:30:34
Type        : Warning
Source      : acvpnagent

Description : Function: CNetEnvironment::logProbeFailure
File: .\NetEnvironment.cpp
Line: 1432
Invoked Function: CHttpProbeAsync::SendProbe
Return Code: -27066356 (0xFE63000C)
Description: HTTP_PROBE_ASYNC_ERROR_BAD_STATUS
HTTPS (host: 65.XXX.XX.XXX; status code: 401)


******************************************

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Michael Lydon

‎10-24-2013 10:51 AM

Michael,

That's a tough one... unfortunately no toggle to disable captive portal detection at the moment:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud97386

M.

0 Helpful
Customers Also Viewed These Support Documents