Solved: Re: Cisco Secure Client VPN randomly "reconnects"

evanwines214 · ‎08-22-2024

So, this is my last resort. Im using a company laptop and internal IT is useless and has not been able to figure it out and sees it as a waste of time to reach out to Cisco TAC themselves.

My issue is that it will slow way down, ill get a "reconnecting to [company VPN name] then immediately it will give me a "reconnected to [company VPN] name. I work as a phone support agent and when this happens it drops my calls. My internal IT has not been able to figure anything out and this has been on going for months with no resolution in sight. I dont know what you guys would need, i have some DART logs from when it would do this whole reconnecting reconnected thing. While some of these logs were running this happened in the middle of it so maybe itll have captured whats going on. I can see event viewer talking about some stuff regarding it at the times when it happens but i dont fully understand what it means.

Praying theres someone out there who can help. Just let me know what you need and ill see what i can provide you with!

ccieexpert · ‎08-22-2024

That is because of a network interface going down:

******************************************

Date : 08/22/2024
Time : 16:14:22
Type : Information
Source : csc_vpnagent

Description : The network interface for the VPN connection has gone down.

also what is

Ethernet 2: 172.17.28.182
Wi-Fi: 192.168.1.250

the ethernet interface ? shut it down ..

ideally use wired if you can more reliable...

but there was another reconnection at 11 ish

******************************************

Date : 08/22/2024
Time : 11:02:15
Type : Error
Source : csc_vpnagent

Description : Function: CSocketTransport::callbackHandler
File: C:\temp\build\thehoff\Raccoon_MR20.823301788814\Raccoon_MR2\vpn\Common\IPC\SocketTransport.cpp
Line: 2178
Invoked Function: ::WSAGetOverlappedResult
Return Code: 10060 (0x0000274C)
Description: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Associated overlapped operation is ::WSARecv

******************************************

this look like an issue on the headend or network..

we need further DART to see if the problem is similar and what is the pattern. one issues seems to be network or headend, but second issue seems to be loss of wifi... see if you wifi is stable or switch to wired connection.

What i would do is also if your voip service is on the internet/cloud, have the IT team exclude that from the VPN, so it does not get affected by VPN..

**Please rate as helpful if this was useful**

View solution in original post

MHM Cisco World · ‎08-22-2024

Hi friend

Share DART let take look

MHM

evanwines214 · ‎08-22-2024

So this is the most recent one i have. The issue actually occurred while running the DART logs. Maybe it caught something during it

Edit: This is also what my internal IT said "was not worth reaching out to Cisco TAC over" even though he could not understand the logs?

jaaceved · ‎08-22-2024

Close to the end of the DART bundle I can see the following:

******************************************

Date : 08/22/2024
Time : 16:14:14
Type : Error
Source : csc_vpnagent

Description : Function: CTunnelProtocolDpdMgr::OnTimerExpired
File: C:\temp\build\thehoff\Raccoon_MR20.823301788814\Raccoon_MR2\vpn\Agent\TunnelProtocolDpdMgr.cpp
Line: 432
Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD
Return Code: -25952246 (0xFE74000A)
Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure gateway failed to respond to Dead Peer Detection packets.
SSL/CSTP

******************************************

Date : 08/22/2024
Time : 16:14:14
Type : Error
Source : csc_vpnagent

Description : Function: CTunnelStateMgr::OnTunnelStatusChange
File: C:\temp\build\thehoff\Raccoon_MR20.823301788814\Raccoon_MR2\vpn\Agent\TunnelStateMgr.cpp
Line: 1430
Invoked Function: Tunnel status change callback status
Return Code: -25952246 (0xFE74000A)
Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure gateway failed to respond to Dead Peer Detection packets.
SSL

******************************************

After those errors the VPN client starts to reconnect:

******************************************
Date : 08/22/2024
Time : 16:14:14
Type : Warning
Source : csc_vpnagent

Description : Tunnel level reconnect reason code 6:
Disruption of the VPN connection to the secure gateway.
Caching the default reconnect reason for SSL

******************************************

Date : 08/22/2024
Time : 16:14:14
Type : Information
Source : csc_vpnagent

Description : The Primary SSL connection to the secure gateway is being re-established.

******************************************
Here is more information related to those DPD messages:

AnyConnect FAQ - Tunnels, DPDs, and Inactivity Timer - https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html#anc4;

This can mean that the DPD's are getting lost on the path between the client and the Firewall. I suggest the below:
1) Confirm if the FTD headend was reachable/up during time of issue?
2) Check with the client ISP to see why the DPD's were getting lost.

ccieexpert · ‎08-22-2024

That is because of a network interface going down:

******************************************

Date : 08/22/2024
Time : 16:14:22
Type : Information
Source : csc_vpnagent

Description : The network interface for the VPN connection has gone down.

also what is

Ethernet 2: 172.17.28.182
Wi-Fi: 192.168.1.250

the ethernet interface ? shut it down ..

ideally use wired if you can more reliable...

but there was another reconnection at 11 ish

******************************************

Date : 08/22/2024
Time : 11:02:15
Type : Error
Source : csc_vpnagent

Description : Function: CSocketTransport::callbackHandler
File: C:\temp\build\thehoff\Raccoon_MR20.823301788814\Raccoon_MR2\vpn\Common\IPC\SocketTransport.cpp
Line: 2178
Invoked Function: ::WSAGetOverlappedResult
Return Code: 10060 (0x0000274C)
Description: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Associated overlapped operation is ::WSARecv

******************************************

this look like an issue on the headend or network..

we need further DART to see if the problem is similar and what is the pattern. one issues seems to be network or headend, but second issue seems to be loss of wifi... see if you wifi is stable or switch to wired connection.

What i would do is also if your voip service is on the internet/cloud, have the IT team exclude that from the VPN, so it does not get affected by VPN..

**Please rate as helpful if this was useful**

evanwines214 · ‎08-22-2024

You ask for more DART, i provide more DART

evanwines214 · ‎08-23-2024

Well, I shook the cage enough and got internal IT to raise a ticket for this to Cisco TAC. Ive already made contact with the support rep for the issue. Thank you all for helping with what little info you had available to you! I very much appreciate it