Re: Flex Anyconnect remote VPN

MriduD · ‎06-03-2025

Hello All,

I need your help again.

So, we manage one of our client's WAN router which is a Cisco 1121-4P router.

Flex anyconnect VPN is configured on it.

The issue is that users sometimes get disconnected randomly and get the attached error when they try to reconnect.

The users can connect again only after rebooting the WAN router.

Is it a Cisco bug? Please help me fix this issue.

Eagerly waiting for some help/advice/fix.

MHM Cisco World · ‎06-19-2025

Hi

Are this issue solved ?

MHM

MriduD · ‎06-19-2025

Unfortunately, No sir.

MHM Cisco World · ‎06-19-2025

What is ikev2 phaseI abd phaseII lifetime ?

MHM

MriduD · ‎06-20-2025

I am using default parameters.

Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:21, Auth sign: RSA, Auth verify: AnyConnect-EAP
Life/Active Time: 86400/843 sec -- phase 1

Phase 2 is 3600 seconds I think

MHM Cisco World · ‎06-20-2025

that good

can you add dpd under ikev2 profile

dpd 10 3 periodic

MHM

MriduD · ‎06-20-2025

Done. I'll let you know if it does the same thing again.. Tysm Sir.. Really appreciate it!

MriduD · ‎09-02-2025

Phase 2 is 3600 seconds I think

MriduD · ‎09-02-2025

No Sir.. It's still kicking out users and allowing them to log back in only after the Cisco 1121-4P router is rebooted.

I am struggling to find a permanent fix. When I googled, I came across this article as the closest answer to my problem. I have implemeted the change as told in the article.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb76988

MriduD · ‎09-02-2025

I think I might have to upgrade the ios.

Currently it is on Cisco IOS XE Software, Version 17.02.02

Can you guide how to download 17.9.x or 17.12.x?

MHM Cisco World · ‎09-02-2025

Before that

Try reconnect feature

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16-12/sec-flex-vpn-xe-16-12-book/sec-cfg-recon-flex.html

MHM