Re: Debug AnyConnect for single user

praveenmathew27 · ‎10-19-2020

We have some users complaining about connectivity issues to our VPN gateway, which is running on a mix of Cisco ASA and Firepower running ASA image under vpn load-balancing. Basically, they connect and after some time, they get this reconnecting issue randomly.

Connected to VPN Gateway.

Reconnecting to VPN Gateway...

They are using AnyConnect client to connect.

I would like to run a debug on the ASA for a PARTICULAR user and keep it running for a while. Is that possible? What command should I use? I want to figure out what exactly causes the disconnection.

Mohammed al Baqari · ‎10-19-2020

Hi,

Start with disabling DTLS and reducing MTU then see if it works. Also,
check anyconnect logs on the client (using DART file) to see what the
client is facing.

**** please remember to rate useful posts

praveenmathew27 · ‎10-19-2020

I don't want to mess around with DTLS or MTU at the moment, as it has been working fine for some years now.

I asked the customer to run DART, but I don't see anything useful in the log during the "Reconnecting" phase or before.

I'm looking at this file though. Cisco AnyConnect Network Visibility Module\NetworkVisibility.txt

Is there anything in particular I could look for?

Again, back to main question, is it possible to do a debug for anyconnect connection for a single user? (like debug webvpn anyconnect...)

Mohammed al Baqari · ‎10-19-2020

No, you can't debug single user on ASA/FTD. You need to try disabling DTLS
as your provider might changed something even if it worked for years. This
can be tried per-user by creating new group-policy for testing purpose with
DTLS off.

**** please remember to rate useful posts

balaji.bandi · ‎10-19-2020

You can download and intstall DART or look at event logger to see what was the issue.

we need to findout mostly what was the reason of disconenction.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help