So is the problem with the Cisco AnyConnect VPN client or with the IOS? Or is it both the Cisco AnyConnect client and the IOS? We are running AnyConnect 2.5.3055 and IOS 12.4T(24) on one of our ISRs and have not been able to get Windows XP SP3, Vista or Windows 7 clients using AnyConnect 2.5.3055 to connect when they have the KB2585542 installed.
Does Cisco monitor and respond to these Discussions? If so, a response of some kind would be appreciated!
The problem is with IOS and there is a defect filed against IOS for that:
The bug id is CSCtx38806
Any of the following workarounds will work:
1) Use the clientless portal to start the client - this only works in some versions of IOS.
2) Uninstall the update.
3) Use rc4 - this is a less secure encryption option; if this meets your security needs, then you may use it as follows:
   webvpn gateway
    ssl encryption rc4-md5
4) Use AC 2.5.3046 or 3.0.3054 for AnyConnect.

For AnyConnect users, the user error message is: "Connection attempt has failed due to server communication errors. Please retry the connection"

The AnyConnect event log will show the following error message snippet:
Function: ConnectIfc::connect
Invoked Function: ConnectIfc::handleRedirects
Description: CONNECTIFC_ERROR_HTTP_MAX_REDIRS_EXCEEDED
On ASA, for the majority, there are no issues, but some isolated incidents have been seen.
This is tracked using the defect:
Are you seeing any issues with ASA?
Thank you Thomas, this has helped us to get our users connected using the AnyConnect Client (2.5.3046), however we now find that users cannot connect to the website on the router. Do you know where I can find out what version of the IOS we can run so that our users can connect to the web site of the router?
We have confirmed that it is the KB2585542 update that is preventing our users from connecting to the web site by removing the update and trying to connect.
Does disabling the KB fix resolve the problem even with ASA 22.214.171.124 ?
Without looking at the SSL stream with the private key exported and the ASA debugs/logs, it's hard to say it's a new issue.
It would be best to open a TAC case so that this can be further analyzed and new bug opened if this is a new defect.