cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3655
Views
0
Helpful
8
Replies

AnyConnect Secure Mobility Client Slow Login

j44mistry
Level 1
Level 1

Hello,

I am planning to role out with this new AnyConnect client as the IPSEC client is now EOL.   I have seen a few threads about slowness with Anyconnect but this does not answer my question as to why the SSL client takes a long time just to come back with a login prompt when trying to connect to a site.   

The IPSEC client is so much faster.  I fear the users are going to complain when this does get rolled out.

I am using the Anyconnect client with Cisco 3925 routers IOS 15.4.2 on Windows 7 laptops and IPhone.  

 

Any ideas how I can resolve this ASAP ?

 

 

 

 

 

 

 

 

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

I've never heard anyone complain about this issue. SSL VPN using AnyConnect is slightly slower that IPsec VPN using the legacy client as it does some checks for software and profile updates - features that aren't available on the old client.

I just measured an ASA system that supports both clients (using my watch, not precise) and see about 7 seconds (old IPsec client) vs. 15 seconds (AnyConnect SSL VPN). Both have the same tunneled network list and login banner configured.

I get 45 seconds to 1min delay with AnyConnect before I get login prompt but zero delay with IPSEC.

 

 

Something is misconfigured if you are having to wait 45+ seconds just for the login prompt.

 

Where is the misconfiguration ?

 

 

It's hard to say having seen none of your configuration. You experience is very atypical though and is not based on any inherent inability of the AnyConnect Secure Mobility client perform responsively.

Feel free to post your config here for review. If you have Smartnet support, you can contact the TAC for an in depth review and troubleshooting.

I have logged a case with TAC.

Scott Larsen
Level 1
Level 1

I see a similar delay in the AnyConnect client displaying the login prompt.  Checking the logs on both the client and the ASA indicate that the client doesn't even attempt to talk to the ASA until the very end, so it is all "client-side" slowness.

 

My initial suspicion is in the network provider order, but I was wondering if you found anything out from the TAC.

I see the same delay on 40 seconds after upgrading my Client frm 4.0 to 4.5.01044. Wireshark does not show traffic between Client ant ASA in the delay period. Any solution?