AnyConnect VPN session disconnect and reconnect

limlayhin
Level 1

I have a Cisco ASA 5525-X firewall, configured to accept AnyConnect VPN client (IKEv2) connections.

The AnyConnect VPN client can successfully log in.

During the first 10 minutes after login, the AnyConnect VPN client loses the VPN connection for a few seconds (ranging from 3 seconds to 10 seconds), then automatically reconnects. After that, no more connection loss happens.

The connection loss happened on multiple laptops. So far, at least 4 laptops demonstrate the same problem.

It doesn't affect network operation, but it gives an unpleasant impression to the users.

I tried monitoring the firewall logs from ASDM; no error log was detected.

I used Wireshark to capture traffic on the client side; also no error was detected.

Any idea how I can continue troubleshooting this problem?

Accepted Solution

Vishnu Sharma
Level 1

Hi Limlayhin,

You can go ahead and capture the DART logs. You can download the DART bundle for the version of AnyConnect you are using and run it after you experience this issue. Please make sure that you clear all your Event Viewer logs before you initiate the AnyConnect client.

To clear the Event Viewer logs, follow these steps:

1. Start >> Run >> Eventvwr

2. It will then open the Event Viewer window.

3. Maximize "Applications and Services Logs" and below that you will find an option "Cisco AnyConnect Secure Mobility Client".

4. Right-click on Cisco AnyConnect Secure Mobility Client and select Clear Log. Select Clear after that.

Once you are done with this, initiate the AnyConnect connection and let the problem occur. Once the problem occurs, disconnect the AnyConnect client and run DART. It will create a zip file on your desktop (by default) and you can go through the AnyConnect connection logs to look for the root cause.

Let me know if this helps.

Vishnu

6 Replies

I used DART to troubleshoot the problem.

The error messages that I suspect are related to the problem are as below:

- The Primary DTLS connection to the secure gateway is down.

- Reconfigure reason code 16:New MTU configuration.

- The entire VPN connection is being reconfigured.

- Message type information sent to the user: Establishing VPN - Examining system...

- A new MTU needs to be applied to the VPN network interface. Disabling and re-enabling the Virtual Adapter. Applications utilizing the private network may need to be restarted.

- VPN state: Reconnecting Network state: Network Accessible Network control state: Network Access: Restricted Network type: Undefined

- Message type information sent to the user: Reconnecting to <vpngw_domain_name>...

- Message type information sent to the user: Establishing VPN - Activating VPN adapter...

I managed to solve the problem.

Reason:

The AnyConnect VPN client tried to use DTLS for its connection. When it detected that DTLS was not successful, it switched to TLS, which caused a session reset.

Disabling DTLS or reducing the MTU to 1200 stopped the session disconnect and reconnect problem.

Reference:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116881-technote-anyconnect-00.html

http://security.stackexchange.com/questions/29172/what-changed-between-tls-and-dtls
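The two replies above describe what the DART bundle shows when this happens: the DTLS tunnel drops, the client applies a new MTU and reconfigures the whole session, and the VPN goes through Reconnecting for a few seconds. A small scanner that picks that sequence out of a client log, reports how long after connect it happened and how long the outage lasted, and prints the mitigations named in this thread is useful when you have several DART bundles to compare. The script below is an added example written for this thread; it is not from the original posts and not Cisco's code. It assumes a simple "timestamp message" line format (the real DART/event-log layout differs and would need its own parser), the sample lines are constructed from the messages the poster quoted, and vpn.example.invalid stands in for the gateway name.

```python
"""Scan AnyConnect client log lines for the DTLS-down -> MTU reconfigure ->
Reconnecting sequence reported in this thread.

Added example for the thread, not Cisco's code. The line format
("YYYY-MM-DD HH:MM:SS message") is an assumption made for this example;
adapt LINE_RE to the layout of the log you actually export.
"""
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the messages quoted in the thread.
# vpn.example.invalid is a placeholder for the gateway hostname.
SAMPLE_LOG = """\
2014-03-10 09:00:05 Message type information sent to the user: Establishing VPN - Examining system...
2014-03-10 09:00:06 VPN state: Connected Network state: Network Accessible Network control state: Network Access: Available Network type: Undefined
2014-03-10 09:02:41 The Primary DTLS connection to the secure gateway is down.
2014-03-10 09:02:41 Reconfigure reason code 16:New MTU configuration.
2014-03-10 09:02:41 The entire VPN connection is being reconfigured.
2014-03-10 09:02:41 A new MTU needs to be applied to the VPN network interface. Disabling and re-enabling the Virtual Adapter. Applications utilizing the private network may need to be restarted.
2014-03-10 09:02:42 VPN state: Reconnecting Network state: Network Accessible Network control state: Network Access: Restricted Network type: Undefined
2014-03-10 09:02:42 Message type information sent to the user: Reconnecting to vpn.example.invalid...
2014-03-10 09:02:48 Message type information sent to the user: Establishing VPN - Activating VPN adapter...
2014-03-10 09:02:49 VPN state: Connected Network state: Network Accessible Network control state: Network Access: Available Network type: Undefined
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
DTLS_DOWN = "Primary DTLS connection to the secure gateway is down"
MTU_RECONFIG = re.compile(r"Reconfigure reason code 16|New MTU configuration|new MTU needs to be applied")
RECONNECTING = "VPN state: Reconnecting"
CONNECTED = "VPN state: Connected"


def parse_log(text):
    """Return [(timestamp, message)] for every line that matches LINE_RE."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
    return entries


def find_dtls_fallbacks(entries, window=timedelta(seconds=30)):
    """One finding per 'DTLS down' line that is followed, within `window`,
    by an MTU reconfigure and a Reconnecting state. A DTLS-down line with
    no reconfigure after it is not counted: that is a different problem."""
    findings = []
    for i, (ts, msg) in enumerate(entries):
        if DTLS_DOWN not in msg:
            continue
        mtu_at = reconnect_at = back_up_at = None
        for later_ts, later_msg in entries[i + 1:]:
            if later_ts - ts > window:
                break
            if mtu_at is None and MTU_RECONFIG.search(later_msg):
                mtu_at = later_ts
            elif reconnect_at is None and RECONNECTING in later_msg:
                reconnect_at = later_ts
            elif reconnect_at is not None and CONNECTED in later_msg:
                back_up_at = later_ts  # session is back: end of the visible outage
                break
        if mtu_at and reconnect_at:
            findings.append({
                "dtls_down_at": ts,
                "reconnecting_at": reconnect_at,
                "outage_seconds": (back_up_at - reconnect_at).total_seconds() if back_up_at else None,
            })
    return findings


def summarize(text):
    """Parse a log, attach 'minutes after first connect' to each finding and
    return a verdict with the mitigations reported in the thread."""
    entries = parse_log(text)
    findings = find_dtls_fallbacks(entries)
    first_up = next((ts for ts, msg in entries if CONNECTED in msg), None)
    for f in findings:
        f["minutes_after_connect"] = (
            (f["dtls_down_at"] - first_up).total_seconds() / 60 if first_up else None
        )
    verdict = {"dtls_fallback_events": len(findings), "findings": findings,
               "likely_cause": None, "mitigations": []}
    if findings:
        verdict["likely_cause"] = ("DTLS tunnel failed; client fell back to TLS with a new MTU, "
                                   "which resets the whole session")
        # Fixes reported in this thread, not an exhaustive list.
        verdict["mitigations"] = [
            "Disable DTLS on the gateway for this group",
            "Reduce the AnyConnect MTU (the poster used 1200)",
            "Client-side workaround from a later reply: block UDP for the vpnagent service",
        ]
    return verdict


if __name__ == "__main__":
    v = summarize(SAMPLE_LOG)
    print(f"DTLS fallback events: {v['dtls_fallback_events']}")
    for f in v["findings"]:
        print(f"  {f['dtls_down_at']}: {f['minutes_after_connect']:.1f} min after connect, "
              f"outage {f['outage_seconds']} s")
    print("Likely cause:", v["likely_cause"])
    for m in v["mitigations"]:
        print("  -", m)
```

Run it against your own export by replacing SAMPLE_LOG with the file contents (and adjusting LINE_RE to the export's timestamp layout). A run that shows all events inside the first few minutes after connect and outages of a few seconds matches the symptom in the original question; a DTLS-down line with no "New MTU configuration" after it points somewhere else and is deliberately not counted.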

5 ½ years later, this one really helped me out; thanks! Here's a client-side fix that worked for me.

TL;DR: If Cisco AnyConnect is disconnecting and reconnecting every few minutes, try blocking UDP in/out ports for the vpnagent executable/service.

Cisco AnyConnect Secure Mobility Client version 4.7.04056

http://blog.idmware.com/2019/12/client-side-fix-cisco-anyconnect.html

Thank you!!!

I know this post is 6 years old, but it worked!!

Which action, reduce MTU?