Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3435
Views
0
Helpful
8
Replies

Cisco AnyConnect client

jjohnson36
Level 1
Level 1

‎08-24-2015 10:34 AM - edited ‎02-21-2020 08:25 PM

We got the following error message when we tried to open Cisco AnyConnect client "Connection attempt has timed out.  Please verify Internet connectivity".  We do have internet access.  We have Windows 7, 64-bit, SP1.  Is there a way to troubleshoot this problem?

Thanks.

Labels:
0 Helpful
8 Replies 8

Anthony Brandelli
Level 1
Level 1

‎08-24-2015 11:11 AM

Can you access the VPN gateway in a web browser, using https://<vpngatewayip>?

0 Helpful

jjohnson36
Level 1
Level 1
In response to Anthony Brandelli

‎08-24-2015 02:28 PM

Thanks for your prompt response, Anthony.  I cannot access the VPN gateway.  I got the error message "This page can't be displayed." when I typed https://<vpngatewayip>. ; Any other suggestions?  Thanks.

0 Helpful

Anthony Brandelli
Level 1
Level 1
In response to jjohnson36

‎08-24-2015 04:55 PM

Sorry I should have been more specific, substitute <vpngatewayip> with what you connect to with Anyconnect, this is displayed on Anyconnect startup. Do you manage the ASA/ISR that the Anyconnect clients connect to?

0 Helpful

jjohnson36
Level 1
Level 1
In response to Anthony Brandelli

‎08-24-2015 09:03 PM

Thanks Anthony.  I don't quite understand your suggestions.  I tried both the vpngateway ip address and the Fully Qualified Domain Name, I still got the error message "This page can't be displayed".  Yes, I manage the ASA that Anyconnect clients connect to. Any suggestions are greatly appreciated.

Thanks.

0 Helpful

Anthony Brandelli
Level 1
Level 1
In response to jjohnson36

‎08-24-2015 09:24 PM

Well to my knowledge Anyconnect uses port 443 initially to negotiate the TLS/SSL tunnel, then possibly after that it uses DTLS on a different port, or IPsec. If you can't access this in a browser then that means there are issues accessing the ASA.

Was this ever working or is this a new deployment? Are any clients working?

0 Helpful

jjohnson36
Level 1
Level 1
In response to Anthony Brandelli

‎08-24-2015 10:13 PM

Thanks so much for your prompt response, Anthony.  When the users are away from the office (home, hot spots, etc.), they are able to open and login Cisco AnyConnect client.  However, when they are in the office , they are unable to open Cisco Anyconnect client.  Cisco Anyconnect client would display the error message.  The office firewall is wide open.  There were no specific rules on the firewall that would block VPN traffic.

Thanks.

 

0 Helpful

Anthony Brandelli
Level 1
Level 1
In response to jjohnson36

‎08-26-2015 11:54 PM

All of my Anyconnect clients connect to ISRs so I can't comment too much on the ASA config, but from the docs it seems in webvpn config mode you type "enable outside" to configure the interface it listens on, I suspect it doesn't work with traffic sourced internally but I don't have an ASA to test this. 

What is the use case of clients needing to connect to the ASA internally using Anyconnect?

0 Helpful

jjohnson36
Level 1
Level 1
In response to Anthony Brandelli

‎08-28-2015 09:15 AM

Thanks Anthony.  There was a routing issue on the internal firewall.  We were able to resolve the issue.  Users are now able to connect using Cisco AnyConnect client.  Thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents