Instable Anyconnect VPN session

02-08-2016 02:25 AM - edited 02-21-2020 08:40 PM
Dear All,
Our customer is connected to our network via VPN from his AnyConnect client to our ASA.
The customer is complaining that while he is working in the SAP system (via the VPN link) he gets the following errors:
WSAECONNRESET
(10054)
Connection reset by peer.
An existing connection was forcibly closed by the remote host. This normally results if the peer application on the remote host is suddenly stopped, the host is rebooted, or the remote host used a "hard close" (see setsockopt for more information on the SO_LINGER option on the remote socket.)
At the same time we have the following log entries on the ASA, which show that the connection seems to have gone stale at 13:33:16 and then at 13:43:08 there was a request to resume the session.
The user complained that at about 13:41 he got the SAP message "Connection reset by peer".
Question: Is it true that between 13:33 and 13:43 the VPN session was down? Interestingly, the customer said his AnyConnect client log doesn't show the connection was broken at any time. Do you have an idea what could cause this behavior? Maybe a broken Internet connection? And what can be done to improve the stability of the VPN connections to avoid these connection issues?
Any help would be appreciated. Thanks, Thorsten
Relevant log entries:
5|Feb 05 2016|13:43:08|722028|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> Stale SVC connection closed.
5|Feb 05 2016|13:43:08|722028|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> Stale SVC connection closed.
6|Feb 05 2016|13:43:08|725007|194.230.159.117|30815|||SSL session with client outside:194.230.159.117/30815 terminated.
6|Feb 05 2016|13:43:08|725007|194.230.159.117|30815|||SSL session with client outside:194.230.159.117/30815 terminated.
6|Feb 05 2016|13:43:08|722022|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> UDP SVC connection established without compression
6|Feb 05 2016|13:43:08|722022|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> UDP SVC connection established without compression
5|Feb 05 2016|13:43:08|722032|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> New UDP SVC connection replacing old connection.
5|Feb 05 2016|13:43:08|722032|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> New UDP SVC connection replacing old connection.
6|Feb 05 2016|13:43:08|725002|194.230.159.117|30814|||Device completed SSL handshake with client outside:194.230.159.117/30814
6|Feb 05 2016|13:43:08|725002|194.230.159.117|30814|||Device completed SSL handshake with client outside:194.230.159.117/30814
6|Feb 05 2016|13:43:08|725003|194.230.159.117|30814|||SSL client outside:194.230.159.117/30814 request to resume previous session.
6|Feb 05 2016|13:43:08|725003|194.230.159.117|30814|||SSL client outside:194.230.159.117/30814 request to resume previous session.
6|Feb 05 2016|13:43:08|725001|194.230.159.117|30814|||Starting SSL handshake with client outside:194.230.159.117/30814 for DTLSv1 session.
6|Feb 05 2016|13:43:08|725001|194.230.159.117|30814|||Starting SSL handshake with client outside:194.230.159.117/30814 for DTLSv1 session.
6|Feb 05 2016|13:43:08|725001|194.230.159.117|30814|||Starting SSL handshake with client outside:194.230.159.117/30814 for DTLSv1 session.
6|Feb 05 2016|13:43:08|725001|194.230.159.117|30814|||Starting SSL handshake with client outside:194.230.159.117/30814 for DTLSv1 session.
6|Feb 05 2016|13:42:33|110003|131.220.5.244|0|131.220.220.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:42:33|110003|131.220.5.244|0|131.220.220.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:40:32|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:40:32|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:39:42|302010|||||44 in use, 554 most used
6|Feb 05 2016|13:39:42|302010|||||44 in use, 554 most used
6|Feb 05 2016|13:38:32|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:38:32|110003|131.220.5.244|0|131.2202.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:37:33|110002|131.220.29.32|59811|||Failed to locate egress interface for UDP from outside:131.220.29.32/59811 to 239.255.255.250/1900
6|Feb 05 2016|13:37:33|110002|131.220.29.32|59811|||Failed to locate egress interface for UDP from outside:131.220.29.32/59811 to 239.255.255.250/1900
6|Feb 05 2016|13:37:21|110002|131.220.29.32|59811|||Failed to locate egress interface for UDP from outside:131.220.29.32/59811 to 239.255.255.250/1900
6|Feb 05 2016|13:37:21|110002|131.220.29.32|59811|||Failed to locate egress interface for UDP from outside:131.220.29.32/59811 to 239.255.255.250/1900
6|Feb 05 2016|13:36:33|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:36:33|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:34:32|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
6|Feb 05 2016|13:34:32|110003|131.220.5.244|0|131.220.2.34|0|Routing failed to locate next hop for icmp from outside:131.220.5.244/0 to outside:131.220.2.34/0
5|Feb 05 2016|13:33:16|722028|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> Stale SVC connection closed.
5|Feb 05 2016|13:33:16|722028|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> Stale SVC connection closed.
6|Feb 05 2016|13:33:16|725007|194.230.159.117|30816|||SSL session with client outside:194.230.159.117/30816 terminated.
6|Feb 05 2016|13:33:16|725007|194.230.159.117|30816|||SSL session with client outside:194.230.159.117/30816 terminated.
02-09-2016 07:31 AM
Is it true that between 13:33 and 13:43 the VPN session was down?
Yes, the session came down and then resumed the connection.
Interestingly, the customer said his AnyConnect client log doesn't show the connection was broken at any time. Do you have an idea what could cause this behavior?
These are the logs showing the disconnection:
5|Feb 05 2016|13:43:08|722028|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> Stale SVC connection closed.
6|Feb 05 2016|13:43:08|725007|194.230.159.117|30815|||SSL session with client outside:194.230.159.117/30815 terminated.
6|Feb 05 2016|13:43:08|725007|194.230.159.117|30815|||SSL session with client outside:194.230.159.117/30815 terminated.
6|Feb 05 2016|13:43:08|722022|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> UDP SVC connection established without compression
6|Feb 05 2016|13:43:08|722022|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> UDP SVC connection established without compression
5|Feb 05 2016|13:43:08|722032|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> New UDP SVC connection replacing old connection.
5|Feb 05 2016|13:43:08|722032|||||Group <UniBonn-Urzextern> User <smith> IP <194.230.159.117> New UDP SVC connection replacing old connection.
6|Feb 05 2016|13:43:08|725002|194.230.159.117|30814|||Device completed SSL handshake with client outside:194.230.159.117/30814
6|Feb 05 2016|13:43:08|725002|194.230.159.117|30814|||Device completed SSL handshake with client outside:194.230.159.117/30814
6|Feb 05 2016|13:43:08|725003|194.230.159.117|30814|||SSL client outside:194.230.159.117/30814 request to resume previous session.
6|Feb 05 2016|13:43:08|725003|194.230.159.117|30814|||SSL client outside:194.230.159.117/30814 request to resume previous session.
Maybe a broken Internet connection?
Could be because of a DTLS problem on the path or an Internet connectivity issue.
And what can be done to improve the stability of the VPN connections to avoid these connection issues?
Get a DART from the client perspective in order to isolate the issue or try disabling DTLS on the group policy in order to find out if you have a problem on the path with DTLS.
You can also set up logging just for AnyConnect:
logging class svc 7
logging buffered 7
logging enable
-JP-
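Added example, not part of either post: one way to measure the interval discussed in this thread is to pair each "Stale SVC connection closed" (722028) with the next "SVC connection established" (722022) for the same user and IP. The sample lines are constructed in the pipe-delimited layout shown above; the group, user name and address are placeholders, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample (newest first, like the export in the thread):
# severity|date|time|message id|src ip|src port|dst ip|dst port|text
SAMPLE = """\
5|Feb 05 2016|13:43:08|722028|||||Group <ExampleGroup> User <alice> IP <203.0.113.10> Stale SVC connection closed.
6|Feb 05 2016|13:43:08|722022|||||Group <ExampleGroup> User <alice> IP <203.0.113.10> UDP SVC connection established without compression
5|Feb 05 2016|13:43:08|722032|||||Group <ExampleGroup> User <alice> IP <203.0.113.10> New UDP SVC connection replacing old connection.
6|Feb 05 2016|13:43:08|725003|203.0.113.10|30814|||SSL client outside:203.0.113.10/30814 request to resume previous session.
6|Feb 05 2016|13:39:42|302010|||||44 in use, 554 most used
5|Feb 05 2016|13:33:16|722028|||||Group <ExampleGroup> User <alice> IP <203.0.113.10> Stale SVC connection closed.
5|Feb 05 2016|13:33:16|722028|||||Group <ExampleGroup> User <alice> IP <203.0.113.10> Stale SVC connection closed.
"""

WHO = re.compile(r"User <([^>]*)> IP <([^>]*)>")
STALE_CLOSED, SVC_ESTABLISHED = "722028", "722022"

def parse(export):
    """Return (timestamp, message id, text) tuples, oldest first, exact duplicates dropped."""
    events = []
    for line in dict.fromkeys(export.splitlines()):  # keeps order, drops repeated lines
        parts = line.split("|", 8)
        if len(parts) != 9:
            continue
        ts = datetime.strptime(parts[1] + " " + parts[2], "%b %d %Y %H:%M:%S")
        events.append((ts, parts[3], parts[8]))
    events.reverse()                           # export is newest first
    return sorted(events, key=lambda e: e[0])  # stable: same-second order is preserved

def tunnel_gaps(export):
    """Pair each stale close with the next established tunnel for the same user and IP."""
    pending, gaps = {}, []
    for ts, msg_id, text in parse(export):
        m = WHO.search(text)
        if not m:
            continue
        key = m.groups()
        if msg_id == STALE_CLOSED:
            pending.setdefault(key, ts)        # keep the earliest unmatched close
        elif msg_id == SVC_ESTABLISHED and key in pending:
            start = pending.pop(key)
            gaps.append((key[0], key[1], start, ts, int((ts - start).total_seconds())))
    return gaps

if __name__ == "__main__":
    for user, ip, start, end, secs in tunnel_gaps(SAMPLE):
        print(f"{user} {ip}: {start:%H:%M:%S} -> {end:%H:%M:%S} ({secs}s without an SVC tunnel)")
```

A stale close with no later 722022 stays unmatched and is not reported, so the output lists only intervals that ended in a re-established tunnel.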
