AnyConnect stopped working

schen
Level 1

Without any changes on ASA5520, our users couldn't use AnyConnect last night. (Cisco IPsec VPN client still works.)

After entering the correct password, it shows "Establishing VPN _Checking for updates..." AND "Unable to establish VPN".

Here is the logging output.

||||||||-- Syslog Connection Lost --
6|May 19 2010|08:18:36|725007|65.174.148.101|3226|||SSL session with client outside:65.174.148.101/3226 terminated.
6|May 19 2010|08:18:35|725002|65.174.148.101|3228|||Device completed SSL handshake with client outside:65.174.148.101/3228
6|May 19 2010|08:18:35|725003|65.174.148.101|3228|||SSL client outside:65.174.148.101/3228 request to resume previous session.
6|May 19 2010|08:18:35|725001|65.174.148.101|3228|||Starting SSL handshake with client outside:65.174.148.101/3228 for TLSv1 session.
6|May 19 2010|08:18:35|302013|65.174.148.101|3228|74.10.212.251|443|Built inbound TCP connection 468492006 for outside:65.174.148.101/3228 (65.174.148.101/3228) to NP Identity Ifc:74.10.212.251/443 (74.10.212.251/443)
6|May 19 2010|08:18:35|302014|65.174.148.101|3226|74.10.212.251|443|Teardown TCP connection 468492002 for outside:65.174.148.101/3226 to NP Identity Ifc:74.10.212.251/443 duration 0:00:00 bytes 893 TCP Reset-O
6|May 19 2010|08:18:35|725002|65.174.148.101|3227|||Device completed SSL handshake with client outside:65.174.148.101/3227
6|May 19 2010|08:18:35|725003|65.174.148.101|3227|||SSL client outside:65.174.148.101/3227 request to resume previous session.
6|May 19 2010|08:18:35|725001|65.174.148.101|3227|||Starting SSL handshake with client outside:65.174.148.101/3227 for TLSv1 session.
6|May 19 2010|08:18:35|302013|65.174.148.101|3227|74.10.212.251|443|Built inbound TCP connection 468492005 for outside:65.174.148.101/3227 (65.174.148.101/3227) to NP Identity Ifc:74.10.212.251/443 (74.10.212.251/443)
6|May 19 2010|08:18:35|716038|||||Group <SSLClientPolicy> User <chen_st> IP <65.174.148.101> Authentication: successful, Session Type: WebVPN.
6|May 19 2010|08:18:35|716001|||||Group <SSLClientPolicy> User <chen_st> IP <65.174.148.101> WebVPN session started.
6|May 19 2010|08:18:35|734001|||||DAP: User chen_st, Addr 65.174.148.101, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy
4|May 19 2010|08:18:35|113019|||||Group = Printronix, Username = chen_st, IP = 65.174.148.101, Session disconnected. Session Type: , Duration: 0h:21m:35s, Bytes xmt: 2867976, Bytes rcv: 1697322, Reason: Port Preempted
6|May 19 2010|08:18:35|716002|||||Group <SSLClientPolicy> User <chen_st> IP <65.174.148.101> WebVPN session terminated: Port Preempted.
6|May 19 2010|08:18:35|725002|65.174.148.101|3226|||Device completed SSL handshake with client outside:65.174.148.101/3226
6|May 19 2010|08:18:35|725003|65.174.148.101|3226|||SSL client outside:65.174.148.101/3226 request to resume previous session.
6|May 19 2010|08:18:35|725001|65.174.148.101|3226|||Starting SSL handshake with client outside:65.174.148.101/3226 for TLSv1 session.
6|May 19 2010|08:18:35|302013|65.174.148.101|3226|74.10.212.251|443|Built inbound TCP connection 468492002 for outside:65.174.148.101/3226 (65.174.148.101/3226) to NP Identity Ifc:74.10.212.251/443 (74.10.212.251/443)
6|May 19 2010|08:18:34|302014|65.174.148.101|3225|74.10.212.251|443|Teardown TCP connection 468491889 for outside:65.174.148.101/3225 to NP Identity Ifc:74.10.212.251/443 duration 0:00:00 bytes 1265 TCP FINs
6|May 19 2010|08:18:34|302014|65.174.148.101|3224|74.10.212.251|443|Teardown TCP connection 468491882 for outside:65.174.148.101/3224 to NP Identity Ifc:74.10.212.251/443 duration 0:00:00 bytes 1112 TCP Reset-O
6|May 19 2010|08:18:33|725002|65.174.148.101|3225|||Device completed SSL handshake with client outside:65.174.148.101/3225
6|May 19 2010|08:18:33|725003|65.174.148.101|3225|||SSL client outside:65.174.148.101/3225 request to resume previous session.
6|May 19 2010|08:18:33|725001|65.174.148.101|3225|||Starting SSL handshake with client outside:65.174.148.101/3225 for TLSv1 session.
6|May 19 2010|08:18:33|302013|65.174.148.101|3225|74.10.212.251|443|Built inbound TCP connection 468491889 for outside:65.174.148.101/3225 (65.174.148.101/3225) to NP Identity Ifc:74.10.212.251/443 (74.10.212.251/443)
6|May 19 2010|08:18:33|725002|65.174.148.101|3224|||Device completed SSL handshake with client outside:65.174.148.101/3224
6|May 19 2010|08:18:33|725001|65.174.148.101|3224|||Starting SSL handshake with client outside:65.174.148.101/3224 for TLSv1 session.
6|May 19 2010|08:18:33|302013|65.174.148.101|3224|74.10.212.251|443|Built inbound TCP connection 468491882 for outside:65.174.148.101/3224 (65.174.148.101/3224) to NP Identity Ifc:74.10.212.251/443 (74.10.212.251/443)

What is the problem?

Many thanks,

Steven

2 Replies

johnd2310
Level 8

Hi,

According to the reason given "Port Preempted", you could be exceeding the number of simultaneous users logged in. Try to increase the number of simultaneous logged in users.

Have a look at this:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

**Please rate posts you find helpful**

Thanks.

I have discovered the problem.

We have a failover ASA. It failed over for the first time in three years. Every other function worked well except AnyConnect. The problem was that the AnyConnect "image" was not configured on the failover unit. After the image was configured, AnyConnect worked.

Steven
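
The log in the question can be triaged in code to pull out every session-teardown reason, such as the "Port Preempted" entries discussed in the thread. This is an added example, not part of any post above; the nine-field pipe layout is an assumption inferred from the pasted lines, the function names are hypothetical, and the sample rows are copied from the question.

```python
import re
from collections import Counter

# Sample rows copied from the log pasted in the question (newest first).
SAMPLE = """\
||||||||-- Syslog Connection Lost --
6|May 19 2010|08:18:35|716001|||||Group <SSLClientPolicy> User <chen_st> IP <65.174.148.101> WebVPN session started.
4|May 19 2010|08:18:35|113019|||||Group = Printronix, Username = chen_st, IP = 65.174.148.101, Session disconnected. Session Type: , Duration: 0h:21m:35s, Bytes xmt: 2867976, Bytes rcv: 1697322, Reason: Port Preempted
6|May 19 2010|08:18:35|716002|||||Group <SSLClientPolicy> User <chen_st> IP <65.174.148.101> WebVPN session terminated: Port Preempted.
6|May 19 2010|08:18:33|725001|65.174.148.101|3224|||Starting SSL handshake with client outside:65.174.148.101/3224 for TLSv1 session.
"""

# Assumed layout: severity|date|time|msg_id|src_ip|src_port|dst_ip|dst_port|text
KEYS = ("severity", "date", "time", "msg_id",
        "src_ip", "src_port", "dst_ip", "dst_port", "text")

# Message IDs in the sample that carry a teardown reason, with a pattern
# capturing (user, client IP, reason) from the message text.
TERMINATION = {
    "716002": re.compile(
        r"User <([^>]+)> IP <([^>]+)> WebVPN session terminated: (.+?)\.?$"),
    "113019": re.compile(
        r"Username = ([^,]+), IP = ([^,]+), Session disconnected\..*Reason: (.+)$"),
}

def parse_line(line):
    """Split one row into named fields; return None for non-event rows."""
    parts = line.rstrip("\n").split("|", 8)  # text field may itself contain '|'
    if len(parts) != 9 or not parts[3].isdigit():
        return None
    return dict(zip(KEYS, parts))

def termination_reasons(log_text):
    """Return [(time, msg_id, user, ip, reason)] for every teardown event."""
    found = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        pattern = TERMINATION.get(ev["msg_id"])
        match = pattern.search(ev["text"]) if pattern else None
        if match:
            found.append((ev["time"], ev["msg_id"], *match.groups()))
    return found

def reason_counts(log_text):
    """Tally teardown reasons so a recurring one stands out."""
    return Counter(row[4] for row in termination_reasons(log_text))

if __name__ == "__main__":
    for row in termination_reasons(SAMPLE):
        print(row)
```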