
Cisco AnyConnect disconnection issue

alirgdm
Level 1

I connect to my work through the CISCO AnyConnect VPN client, and lately I have been facing constant disruptions where the VPN client keeps disconnecting. I reviewed the logs exported via the DART utility, and the only activity happening at the time of disconnection says: "IKE session deleted with internal reason code 5 - Lost contact with peer". This happens right after: "Send NAT keepalive packet local IP address:37905 remote IP address:37905".

I have searched for the reason code 5 and have not found any answers. I am trying to get at the root cause of this and what is causing this error. Any help is much appreciated.

 

8 Replies

Is it SSL or IKEv2 VPN?

If it is SSL, then use

anyconnect ssl keepalive 60

What causes the problem is that there is NAT, and you always need to send packets so that the NAT entry is not removed, which would make your VPN drop.

MHM

Hello, the VPN is IKEv2. 

Show me vpn sessiondb <- if ASA  

When it happens again

MHM

I believe it is less an AnyConnect client issue and may be a hardware issue. I am working to identify that; however, I would still like to know what this error, internal reason code 5, means.

I need to see the below when the issue happens

Show me vpn sessiondb 

MHM

Ruben Cocheno
Spotlight

@alirgdm 

How often does that problem happen: every 30 seconds after you connect, or randomly, so that you can't put a timestamp on it?

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on LinkedIn https://www.linkedin.com/in/rubencocheno/

Hi @Ruben Cocheno, the problem is very intermittent. It would happen once every few hours and then will happen in bunches. I did some additional troubleshooting and have potentially identified the culprit: it may be the MOCA adapter feeding the switch, which then connects to my laptop.

However, I would still like to know what this error is and what it means: internal reason code 5

Thanks.

Ruben Cocheno
Spotlight

@alirgdm 

 
Found a bug that relates to that issue, and the internal code 5 means "Lost contact with peer".
When using IKEv2 RaVPN on Mac, every time an interface flaps due to AWDL0, the ASA/client appears to miss a DPD. This causes increasing amounts of the following message to be seen in the logs: IKE session deleted with internal reason code 5 - Lost contact with peer
Conditions: macOS with AnyConnect 4.9 versions
 
Upgrade and/or test another platform if possible.
 