cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
975
Views
0
Helpful
1
Replies

Client Anyconnect VPN firewall not logging disconnected reason when there is a user ISP failure or cable disconnected

mmantilla2008
Level 1
Level 1

I recently had assigned the requirement of logging Anyconnect VPN disconnect reasons. This is working very well by using the message-id 113019. When a user disconnects the vpn client you see the logging reason "user requested". If the session-timeout is reached then you see the reason "max time exceeded". If you logoff the user from the firewall then you see "administrator request". However, the firewall never logs the reason when a user unexpectedly lost connection due to an ISP failure or if simply the network cable was disconnected. In fact the session is never removed from the vpn-session-db table if the user is unexpectedly disconnected. You also do not see the Inactivity timer increasing. I takes hours for finally the session to be removed from this table or you have to manually remove it by using the logoff command. I have tried using DCD for Anyconnect within the group-policy under webvpn but there was no difference. I also tried upgrading the firewall to the Interim 9.12.3 and I still have the same behavior. Even when finally the session is removed from the table you do not get a log with the disconnection reason.

 

Questions:

-Does anybody knows how to change this behavior in the firewall? It seems to me that the firewall should definitely have a mechanism to detect when the user is not connected anymore.

Does anybody knows how to log when the user is disconnected due to failure of ISP in the user side? 

-It seems like there is a log reason "Lost Service" that is meant to be received in the cases when there is an ISP failure but I never get this log. Does anybody has any ideas on how to log when this occurs?

1 Reply 1

Lee Dress
Level 1
Level 1

Look for syslog ID 722037. 

I get this when people lose their connection or close their laptop before disconnecting VPN

SVC closing connection: DPD failure.

 

Hopefully that helps.