
Incredibly long time for AnyConnect client to complete VPN Login

trodecke
Level 1

We're having an issue with one particular user that when she initiates a VPN connection, it can take up to 11 minutes to complete the process. According to the AnyConnect logs, the area where it gets stuck is where the AnyConnect downloader is performing update checks. In the most recent incident, that entry shows in the logs and then, 9 1/2 minutes later, the next log entry says checking for profile updates. We're fairly certain that the ASA isn't actually downloading anything to the client. The client installed on her laptop is version 4.3 and the image we check for on the ASA is 3.1.0. We also don't have any of the additional checks enabled (file versions, registry entries, etc). In fact, the Secure Desktop Manager section of the ASA is totally blank and has no configuration at all. This doesn't happen all the time but does happen fairly regularly, at least twice a week.

I've tried watching the ASA logs while someone connects with the AnyConnect client but even with the logging set to debug levels, I get no indication of what's actually taking place on the client during the connection process except when phase 1 and phase 2 are completed and radius authentication is successful.

Has anyone ever seen anything like this before or, does anyone have any ideas as to where we can go to start checking what might be causing this delay?

Here's some more information about the connection:

ASA ASA 5508X running version 9.6(2)

AnyConnect Client version 4.3.01095

IPsec (IKE v2) tunnel (SSL is disabled)

Thanks!

11 Replies

Aditya Ganjoo
Cisco Employee

Hi,

Does it happen for any other user?

Please share the DART file for that user:

https://supportforums.cisco.com/document/12747756/how-collect-dart-bundle-anyconnect

Regards,

Aditya

Please rate helpful and mark correct answers

Hi Aditya. We have no reports of this happening to other users, at least not to this extent. Of the 500 or so VPN users we have, I polled ~50 of them and the consensus was that the VPN client connected in less than 30 seconds.

I have the DART file for this user but there's too much sensitive information in it to post publicly. Can you provide a Cisco e-mail address I can send it to? I would open a ticket but the user is in a different state and can't give up her laptop for troubleshooting purposes.

Hi,

You can share the DART on my Cisco Email: adganjoo@cisco.com

Regards,

Aditya

Please rate helpful and mark correct answers

It's sent. Thanks!

Hi,

I went through the DART file.

I did not find any anomalies except some socket issues, which are normally due to the drivers on the PC.

Also, may I know how the user is trying to access AnyConnect? Is it a wired or a wireless connection?

Regards,

Aditya

Please rate helpful and mark correct answers

I believe it's a WiFi connection as this is mostly done from her house. Also, it's not 100% of the time or even a majority of the time. It's very intermittent.

Hi,

That may be one of the reasons behind this.

Is it possible to try with a wired connection or a hotspot?

Regards,

Aditya

Please rate helpful and mark correct answers

I can ask but I doubt it. The biggest problem is she's in Los Angeles and I'm in Oklahoma City so adding the personal touch is somewhat difficult. :) The best we can probably get is to have her bring her laptop into a local office in Los Angeles and test from there but since this is a very intermittent issue, there's no guarantee that she'll experience the issue while she's in the office.

Thanks! I really appreciate your time and effort and suggestions on this.

Hi,

Yes, it may be difficult to reproduce the issue.

But you can ask her to update the PC drivers and check if it makes any difference.

But it seems more like a connectivity issue :)

Always happy to help.

Regards,

Aditya

Please rate helpful and mark correct answers

Hi, I have a VPN launching issue.

It takes 2 minutes of waiting when I open the VPN from the shortcut or from the vpngui.

I can't solve it on Windows 10 and 8.

Kindly help me.

If you aren't going to be updating the AnyConnect client from the ASA in future, you could possibly try disabling checking for updates. This would be local to the user with the issue, not a global setting.

You need to modify the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.xml file directly and set BypassDownloader to true.
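
One way to make the local policy change described in the last reply, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the affected laptop; the file path and the BypassDownloader element name are the ones given in the reply. With the downloader bypassed, this client no longer picks up software or profile updates from the ASA, so the script keeps a backup for rollback.

```powershell
# Added example (not from the thread): set BypassDownloader to true in the
# AnyConnect local policy file. Run from an elevated PowerShell session.
$ErrorActionPreference = 'Stop'

# Path as given in the reply above.
$policyPath = 'C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AnyConnectLocalPolicy.xml'

if (-not (Test-Path -LiteralPath $policyPath)) {
    throw "Local policy file not found: $policyPath"
}

# Keep a timestamped copy so the change can be rolled back.
$backupPath = '{0}.{1}.bak' -f $policyPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $policyPath -Destination $backupPath

$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true   # leave the rest of the file's layout alone
$doc.Load($policyPath)
$root = $doc.DocumentElement

# Match on the local name so the lookup works whatever default
# namespace the policy file declares on its root element.
$xpath = "*[local-name()='BypassDownloader']"
$node  = $root.SelectSingleNode($xpath)

if ($null -eq $node) {
    # Element absent: create it in the same namespace as the root.
    $node = $doc.CreateElement('BypassDownloader', $root.NamespaceURI)
    [void]$root.AppendChild($node)
}

$previous = $node.InnerText
$node.InnerText = 'true'
$doc.Save($policyPath)

# Re-read from disk to confirm that the value was actually written.
$check = New-Object System.Xml.XmlDocument
$check.Load($policyPath)
$current = $check.DocumentElement.SelectSingleNode($xpath).InnerText

if ($current -ne 'true') {
    Copy-Item -LiteralPath $backupPath -Destination $policyPath -Force
    throw "Verification failed; original policy restored from $backupPath"
}

"BypassDownloader: '$previous' -> '$current' (backup: $backupPath)"
```

To undo the change, copy the `.bak` file back over AnyConnectLocalPolicy.xml.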