Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14484
Views
0
Helpful
11
Replies

Incredibly long time for AnyConnect client to complete VPN Login

trodecke
Level 1
Level 1

‎07-19-2017 08:30 AM - edited ‎02-21-2020 09:22 PM

We're having an issue with one particular user that when she initiates a VPN connection,  it can take up to 11 minutes to complete the process.  According to the AnyConnect logs,  the area where it gets stuck is where the AnyConnect downloader is performing update checks.  In the most recent incident,  that entry shows in the logs and then, 9 1/2 minutes later, the next log entry says checking for profile updates.  We're fairly certain that the ASA isn't actually downloading anything to the client.  The client installed on her laptop is version 4.3 and the image we check for on the ASA is 3.1.0.  We also don't have any of the additional checks enabled (file versions, registry entries, etc).  In fact, the Secure Desktop Manager section of the ASA is totally blank and has no configuration at all.  This doesn't happen all the time but does happen fairly regularly, at least twice a week.

I've tried watching the ASA logs while someone connects with the AnyConnect client but even with the logging set to debug levels,  I get no indication of what's actually taking place on the client during the connection process except when phase 1 and phase 2 are completed and radius authentication is successful.

Has anyone ever seen anything like this before or,  does anyone have any ideas as to where we can go to start checking what might be causing this delay?

Here's some more information about the connection;

ASA ASA 5508X running version 9.6(2)

AnyConnect Client version 4.3.01095

IPsec (IKE v2) tunnel (SSL is disabled)

Thanks!

Labels:
Preview file
117 KB
0 Helpful
11 Replies 11

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-19-2017 08:34 AM

Hi,

Does it happen for any other user?

Please share the DART file for that user:

https://supportforums.cisco.com/document/12747756/how-collect-dart-bundle-anyconnect

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

trodecke
Level 1
Level 1
In response to Aditya Ganjoo

‎07-19-2017 08:39 AM

Hi Aditya.  We have no reports of this happening to other users,  at least not to this extent.  Of the 500 or so VPN users we have, I polled ~50 of them and the consensus was that the VPN client connected in less than 30 seconds.  

I have the DART file for this users but there's too much sensitive information in it to post publicly.  Can you provide a Cisco e-mail address I can send it to?   I would open a ticket but the user is in a different state and can't give up her laptop for troubleshooting purposes.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to trodecke

‎07-19-2017 08:47 AM

Hi,

You can share the DART on my Cisco Email: adganjoo@cisco.com

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

trodecke
Level 1
Level 1
In response to Aditya Ganjoo

‎07-19-2017 08:49 AM

It's sent.  Thanks!

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to trodecke

‎07-21-2017 12:47 AM

Hi,

I went through the DART file.

I did not find any anomalies except some socket issues which are normally due to the Drivers on the PC.

Also may I know how is the user trying to access the Anyconnect, is it a wired or a wireless connection?

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

trodecke
Level 1
Level 1
In response to Aditya Ganjoo

‎07-21-2017 05:56 AM

I believe it's a WiFi connection as this is mostly done from her house.  Also,  it's not 100% of the time or even a majority of the time.  It's very intermittent.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to trodecke

‎07-21-2017 07:28 AM

Hi,

That may be one of the reasons behind this.

Is it a possibility if we can try with a wired connection or a hotspot?

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

trodecke
Level 1
Level 1
In response to Aditya Ganjoo

‎07-21-2017 07:42 AM

I can ask but I doubt it.  The biggest problem is she's in Los Angeles and I'm in Oklahoma City so adding the personal touch is somewhat difficult. :)   The best we can probably get is to have her bring her laptop into a local office in Los Angeles and test from there but since this is a very intermittent issue,  there's no guaranty that she'll experience the issue while she's in the office.

Thanks!  I really appreciate your time and effort and suggestions on this.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to trodecke

‎07-21-2017 08:10 AM

Hi,

Yes it may be difficult to reproduce the issue.

But you can ask her to update the PC drivers and check if it makes any difference.

But it seems more a connectivity issue :)

Always happy to help.

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

Akif
Level 1
Level 1
In response to Aditya Ganjoo

‎10-14-2021 05:22 AM

Hi I have a VPN launching issue.

 

It takes 2 mins of wait when I open VPN from shortcut or from the vpngui.

I can't solve it on windows 10 and 8.

Kindly help my.

0 Helpful

Rob Ingram
VIP
VIP

‎07-19-2017 01:19 PM

If you aren't going to be updating the AnyConnect client from the ASA in future, you could possibly try disabling checking for updates.This would be local to the user with the issue not a global settings.

You need to modify the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.xml file directly and set BypassDownloader to true

0 Helpful
Customers Also Viewed These Support Documents