Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
52310
Views
25
Helpful
6
Replies

SSL VPN Anyconnect client MTU issue

Tupe_kunal
Level 1
Level 1

‎01-26-2015 10:12 PM - edited ‎02-21-2020 08:02 PM

Hi All,

 

I am facing an issue while i connect to a few of my remote sites through SSL VPN Anyconnect. (other locations don't show this error)

The error comes up within 2 mins after i am connected.

Attached is the snapshot.

 

Note:- Few locations have ASA and a rest Cisco 2811 routers.

 

Error:-

 

The clients MTU configuration sent from the secure gateway is too small.

A value of at least 1280 is required in order to tunnel IPv6 traffic.

Please contact your network administrator.

6 people had this problem
Labels:
Preview file
58 KB
0 Helpful
6 Replies 6

Poonam Garg
Level 3
Level 3

‎01-28-2015 06:35 AM

Hi Kunal,

Its a bug, seen using AnyConnect 3.1.05160 and ASA version 9.1(5), with physical interface MTU between1357 and 1368.

 

Workaround:
Increase the MTU of the physical adapter used for the VPN connection to be 1366 or higher.
 

Please refer this link.

https://tools.cisco.com/quickview/bug/CSCuo93772

https://tools.cisco.com/bugsearch/bug/CSCug14204/?referring_site=bugqvinvisibleredir

HTH

"Please rate useful posts"

 

Tupe_kunal
Level 1
Level 1
In response to Poonam Garg

‎01-28-2015 08:21 AM

Hi Poonam,

 

How do i change the MTU of the physical adapter ?

Please guide me the procedure.

Thanks.

 

Regards,

Kunal Tupe

 

 

0 Helpful

Poonam Garg
Level 3
Level 3
In response to Tupe_kunal

‎01-29-2015 01:29 AM

Hi Kunal,

To show current MTU on Windows 7 or Windows Vista, from a command prompt:

C:\Users\Poonam>netsh interface ipv4 show subinterfaces

To change the MTU for an adapter use the following command example:

C:\Users\Poonam>netsh interface ipv4 set subinterface "Local Area Connection" mtu=1458 store=persistent

HTH

"Please rate helpful posts"

Tupe_kunal
Level 1
Level 1
In response to Poonam Garg

‎01-31-2015 02:05 AM

Hi Poonam,

 

Will test this on users Laptop/PC and let you know.

Thanks !!! :) 

 

Regards,

Kunal Tupe

0 Helpful

klint.price1
Level 1
Level 1

‎04-27-2016 04:38 PM

This error also occurs on an Apple IOS device using the AnyConnect client under the following condition:

If your MTU is correctly set (as described in other responses below), and Phone is in "low power" mode, due to low battery power. Typically this Low Power is enabled manually or when the phone goes below 20% power, and ends when the phone is charged back up to 80% or so, or set back to normal power.

Steps to reproduce:

1. have phone in "low power" mode (settings > battery > low power mode)

2. Connect to VPN

3. wait for screen to lock due to inactivity

4. unlock the phone, you will see the same error.

5. It errors out because in low power mode, when the screen lock comes on, it disconnects the network to save power.

It took me a bit to figure out this "uh, duh!" moment.

0 Helpful

bvramakrishna
Level 1
Level 1

‎07-06-2017 12:10 PM

You may get this error when you are trying to use the software VPN on an IPv6 network. The software will work on these networks, but you must use the IPv4 protocol settings and disable IPv6. This issue primarily affects Windows users.

Follow these steps to turn off IPv6 protocol in the Cisco Anyconnect VPN client.


  1. Select the Start button and then select the Control Panel
  2. Under the Network and Internet category, select the Network and Sharing Center
  3. In the left-hand panel select Change Adapter Settings.
  4. Right click on the "Cisco AnyConnect Secure Mobility Client Connection" and select "Properties"
  5. Uncheck the "Internet Protocol Version 6 (TCP/IP v6)" box and click OK.

Ref: https://uci.service-now.com/kb_view.do?sysparm_article=KB0010341

Customers Also Viewed These Support Documents