cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
308
Views
10
Helpful
5
Replies

ASA stuck Anyconnect connection

peter.matuska1
Beginner
Beginner

Hi,

I have configured Anyconnect VPN with auth and authz towards ISE. IP address is assigned in the authz profile. The problem is when the internet is lost on the PC or PC goes to sleep and after the connectivity is back or PC wakes up then the anyconnect doesn't reconnect. In this state the VPN is disconnected on the PC but the session exists on the ASA so user hits connect again but the connection fails with this log on the ASA (among others): No address available for SVC connection. I think the reason is that the session is still on the ASA and the ASA sees the ISE sent the same IP address to this new connection and that is why ASA reject the connection. The only way is to clear the old connection manually from ASA (ISE cannot be used since the acct stop was sent during this new connection attempt). The idle-timeout is 60min and cannot be changed.

The question is how to terminate the "old" session and connect the new one for the same user?

 

thank you

1 Accepted Solution

Accepted Solutions

Aref Alsouqi
Collaborator
Collaborator

I think you can fix this issue by setting the users simultaneous logins to 1. By doing so, when AnyConnect tries to reconnect, the firewall will clear the previous session before establishing the new one.

View solution in original post

5 Replies 5

MHM Cisco World
Advisor
Advisor

just to clear issue 
the anyconnect can not reconnect because ?
IP get from ASA 
or 
ISE auth timeout 

I don't know why it cannot reconnect after network connectivity is restored but I know that it cannot connect again because of the IP address getting from ISE (I think).