I have configured Anyconnect VPN with auth and authz towards ISE. IP address is assigned in the authz profile. The problem is when the internet is lost on the PC or PC goes to sleep and after the connectivity is back or PC wakes up then the anyconnect doesn't reconnect. In this state the VPN is disconnected on the PC but the session exists on the ASA so user hits connect again but the connection fails with this log on the ASA (among others): No address available for SVC connection. I think the reason is that the session is still on the ASA and the ASA sees the ISE sent the same IP address to this new connection and that is why ASA reject the connection. The only way is to clear the old connection manually from ASA (ISE cannot be used since the acct stop was sent during this new connection attempt). The idle-timeout is 60min and cannot be changed.
The question is how to terminate the "old" session and connect the new one for the same user?
Solved! Go to Solution.