Re: Intermittent anyconnect problem. Only connects to gateway IP, not hostname.

olbjon · ‎12-14-2017

I'm suffering from a bizarre problem with Anyconnect V3.1 and my ASA5520. Every few days people will not be able to connect. The client is setup to connect to vpn.companyname.com. The users will attempt to connect (I can see packets being exchanged between the internet interface of the ASA and the client) but the client will timeout and give the error message "...network or PC issue". The client is able to resolve the DNS name (vpn.companyname.com) to the correct IP address of the gateway, and is able to ping that address.

If I change the gateway from vpn.company.com to the IP address that DNS entry points towards, it connects straight away.

This issue will occur for a few hours and then resolve itself without any configuration changes being made to the ASA, client or DNS server. Any ideas on where I should be looking? Or what can cause this behaviour?

johnd2310 · ‎12-14-2017

Hi,

How many dns servers do you have for external resolution? Is reverse lookup working for vpn.companyname.com? any firewalls involved between dns and external user?

thanks

John

**Please rate posts you find helpful**

olbjon · ‎12-17-2017

I'll have to double check with the person who looks after DNS about the number of servers involved. Reverse route isn't configured and there are no firewalls between the dns and external user.

GioGonza · ‎12-15-2017

Hello @olbjon,

It will be better to have the DART in order to know the reasons for the disconnection, run the DART and attach the file for further review.

HTH

Gio