01-25-2023 10:25 AM
Hi,
This is weird to say the least. After countless conversations back and forth with tech support at my company, changing application settings and whatnot, today I realized that when using my home router's 5 GHz network, Cisco AnyConnect works, but on 2.4 GHz, nah, it doesn't.
I'm totally baffled. I've already asked my ISP how this is even possible, because I know it has to be something on the network. For instance, if the MacBook is connected to the phone's wifi AP, which itself is using another VPN to bypass the mobile carrier (same company as my home ISP), everything works. Same setup but without the VPN running on the phone, it doesn't work.
I don't even have a clue why on 5 GHz wifi it works. Some people say that MTU configuration matters but it's really strange when both wifi networks use the same underlying connection to my ISP.
The failure in AnyConnect happens during "System Scan". After spinning for about 30 seconds it doesn't complete and shows the message "No policy server detected". How come when I'm on the 5 GHz network AnyConnect doesn't complain and the scan runs until the end? Is it a company policy? Not that I'm aware of. Are network frames bigger on 5 GHz? Maybe.
Any help would be much appreciated.
Thanks.
01-25-2023 10:29 AM
It is possible that the issue is related to the difference in the channel width between the 2.4GHz and 5GHz networks. The 5GHz network typically uses a wider channel width which allows for more data to be transmitted at once, which in turn can affect the Maximum Transmission Unit (MTU) size. Additionally, the 5GHz network may have less interference and congestion compared to the 2.4GHz network, which can also affect the connectivity.
It is also possible that there is a difference in the security settings between the two networks, such as different encryption methods or authentication protocols, which can affect the ability of the AnyConnect client to establish a connection.
Additionally, it is possible that the DHCP settings are different between the two networks, which can affect the way that the AnyConnect client receives its IP address and other network configuration information.
It would be helpful to compare the configurations of the two networks, including the security settings, DHCP settings, and wireless settings, to see if there is any difference that may be causing the issue.
Please rate this and mark as solution/answer, if this resolved your issue
All the best,
AK
01-25-2023 10:33 AM
Here are the general steps that can be followed to troubleshoot the issue with Cisco AnyConnect only working when connected to a 5GHz wifi network:
1. Verify the AnyConnect version and make sure it is compatible with the operating system and the device you are using.
2. Check the MTU size of the 2.4GHz and 5GHz networks. Some people suggest that the MTU configuration could be causing the issue.
3. Check the network settings on the device and make sure the DNS and IP settings are correct for both the 2.4GHz and 5GHz networks.
4. Check the firewall settings on the device and ensure that AnyConnect is allowed to pass through.
5. Check the settings on the router and make sure that it is configured to allow AnyConnect traffic.
6. If possible, check the logs of the router and the device to see if there are any error messages that could help identify the problem.
7. Check the settings on the VPN server and ensure that it is configured to allow connections from the device.
8. Try connecting to the VPN server using a different device or network to see if the issue is specific to the device or the network.
9. Check the company's IT policy and ensure that it does not have any restrictions that could be causing the problem.
10. If none of the above steps help, consider contacting Cisco support for further assistance.
It's worth noting that the troubleshooting steps may vary depending on the specific network environment and devices being used.
Please rate this and mark as solution/answer, if this resolved your issue
All the best,
AK
01-27-2023 01:45 AM
@khorram1998 wrote:
> The 5GHz network typically uses a wider channel width which allows for more data to be transmitted at once, which in turn can affect the Maximum Transmission Unit (MTU) size.
I've measured MTU on both networks and it's the same. This is what I got:
PING 1.1.1.1 (1.1.1.1): (1450 ... 1500) data bytes
1458 bytes from 1.1.1.1: icmp_seq=0 ttl=56 time=49.753 ms
1459 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=19.591 ms
1460 bytes from 1.1.1.1: icmp_seq=2 ttl=56 time=24.007 ms
1461 bytes from 1.1.1.1: icmp_seq=3 ttl=56 time=32.578 ms
1462 bytes from 1.1.1.1: icmp_seq=4 ttl=56 time=14.915 ms
1463 bytes from 1.1.1.1: icmp_seq=5 ttl=56 time=16.952 ms
1464 bytes from 1.1.1.1: icmp_seq=6 ttl=56 time=16.383 ms
1465 bytes from 1.1.1.1: icmp_seq=7 ttl=56 time=16.279 ms
1466 bytes from 1.1.1.1: icmp_seq=8 ttl=56 time=25.337 ms
1467 bytes from 1.1.1.1: icmp_seq=9 ttl=56 time=27.663 ms
1468 bytes from 1.1.1.1: icmp_seq=10 ttl=56 time=18.845 ms
1469 bytes from 1.1.1.1: icmp_seq=11 ttl=56 time=23.357 ms
1470 bytes from 1.1.1.1: icmp_seq=12 ttl=56 time=42.759 ms
1471 bytes from 1.1.1.1: icmp_seq=13 ttl=56 time=46.682 ms
1472 bytes from 1.1.1.1: icmp_seq=14 ttl=56 time=94.430 ms
556 bytes from 192.168.1.1: frag needed and DF set (MTU 1492)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 d505 f3cc 0 0000 40 01 7d8d 192.168.1.36 1.1.1.1
Request timeout for icmp_seq 15
For the record, a colleague of mine tested the MTU on his network and it was a tad bigger. He doesn't seem to run into the same error while running the VPN client.
> Additionally, the 5GHz network may have less interference and congestion compared to the 2.4GHz network, which can also affect the connectivity.
I wouldn't think so, I'm very close to the router.
> It is also possible that there is a difference in the security settings between the two networks, such as different encryption methods or authentication protocols, which can affect the ability of the AnyConnect client to establish a connection.
Both encryption schemes are the same, and even the passphrase length.
> Additionally, it is possible that the DHCP settings are different between the two networks, which can affect the way that the AnyConnect client receives its IP address and other network configuration information.
I have to check this in more detail but as far as LAN goes, settings are shared between 2.4 and 5 GHz networks.
I'm gonna do a few more checks on the router settings and get some logs if possible.
Thanks.
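
The sweep output quoted in the post above can be turned into a path MTU figure and cross-checked against the router's "frag needed" message. This is an added example, not part of the original thread; the helper name `analyze_sweep` is hypothetical, the sample is an abridged copy of the poster's output, and it assumes IPv4 without header options and that each reply line reports ICMP bytes (payload plus the 8-byte ICMP header).

```python
import re

# Constructed sample: abridged copy of the sweep output quoted in the post above.
SAMPLE = """\
PING 1.1.1.1 (1.1.1.1): (1450 ... 1500) data bytes
1470 bytes from 1.1.1.1: icmp_seq=12 ttl=56 time=42.759 ms
1471 bytes from 1.1.1.1: icmp_seq=13 ttl=56 time=46.682 ms
1472 bytes from 1.1.1.1: icmp_seq=14 ttl=56 time=94.430 ms
556 bytes from 192.168.1.1: frag needed and DF set (MTU 1492)
Request timeout for icmp_seq 15
"""

IP_HDR = 20    # IPv4 header, no options (assumption)
ICMP_HDR = 8   # ICMP echo header
TCP_HDR = 20   # TCP header, no options

REPLY = re.compile(r"^(\d+) bytes from \S+: icmp_seq=\d+")
FRAG = re.compile(r"^\d+ bytes from (\S+): frag needed and DF set \(MTU (\d+)\)")


def analyze_sweep(text):
    """Derive the path MTU from a DF-set ping size sweep (hypothetical helper)."""
    largest_reply = None
    hop, reported = None, None
    for line in text.splitlines():
        frag = FRAG.match(line)
        if frag:
            # ICMP "fragmentation needed": the sending hop states its next-hop MTU.
            hop, reported = frag.group(1), int(frag.group(2))
            continue
        reply = REPLY.match(line)
        if reply:
            # ping prints ICMP bytes received: payload + 8-byte ICMP header.
            largest_reply = max(largest_reply or 0, int(reply.group(1)))
    if largest_reply is None:
        return None
    path_mtu = largest_reply + IP_HDR
    return {
        "path_mtu": path_mtu,
        "max_icmp_payload": largest_reply - ICMP_HDR,
        "tcp_mss": path_mtu - IP_HDR - TCP_HDR,
        "reporting_hop": hop,
        "reported_mtu": reported,
        "consistent": reported is None or reported == path_mtu,
    }


if __name__ == "__main__":
    print(analyze_sweep(SAMPLE))
```

For the quoted output, the largest reply (1472 ICMP bytes) plus the IPv4 header gives 1492, which matches the MTU the home router at 192.168.1.1 reports, so the limit sits on the router's uplink and is the same for both wifi bands.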