05-04-2017 08:45 AM
Hello everyone! I have a problem trying to connect to the VPN with the AnyConnect client version 4.3 on Ubuntu 12.04 OS.
At first it connects well (it assigns an IP address OK), but there is no connectivity to the LAN. Then, after about 1 minute, the VPN client stays in the reconnecting state.
The ASA version is 9.4(2).
May 4 11:37:19 vpn.com.ar %ASA-6-113039: Group <GP-CORPORATIVO> User <user1> IP <x.x.x.x> AnyConnect parent session started.
May 4 11:37:19 vpn.com.ar %ASA-6-725016: Device selects trust-point SRV-VPN-LE-04-2017 for client outside:x.x.x.x/58658 to x.x.x.x/443
May 4 11:37:19 vpn.com.ar %ASA-6-302013: Built inbound TCP connection 12079006 for outside:x.x.x.x/58661 (x.x.x.x/58661) to identity:x.x.x.x/443 (x.x.x.x/443)
May 4 11:37:19 vpn.com.ar %ASA-6-725001: Starting SSL handshake with client outside:x.x.x.x/58661 to x.x.x.x/443 for TLS session
May 4 11:37:19 vpn.com.ar %ASA-6-725016: Device selects trust-point SRV-VPN-LE-04-2017 for client outside:x.x.x.x/58661 to x.x.x.x/443
May 4 11:37:19 vpn.com.ar %ASA-6-725002: Device completed SSL handshake with client outside:x.x.x.x/58661 to x.x.x.x/443 for TLSv1.2 session
May 4 11:37:19 vpn.com.ar %ASA-4-722041: TunnelGroup <CORPORATIVO> GroupPolicy <GP-CORPORATIVO> User <user1> IP <x.x.x.x> No IPv6 address available for SVC connection
May 4 11:37:19 vpn.com.ar %ASA-5-722033: Group <GP-CORPORATIVO> User <user1> IP <x.x.x.x> First TCP SVC connection established for SVC session.
May 4 11:37:19 vpn.com.ar %ASA-6-722022: Group <GP-CORPORATIVO> User <user1> IP <x.x.x.x> TCP SVC connection established without compression
May 4 11:37:19 vpn.com.ar %ASA-6-722055: Group <GP-CORPORATIVO> User <user1> IP <x.x.x.x> Client Type: Cisco AnyConnect VPN Agent for Linux 4.4.02039
May 4 11:37:19 vpn.com.ar %ASA-4-722051: Group <GP-CORPORATIVO> User <user1> IP <x.x.x.x> IPv4 Address <10.3.0.13> IPv6 address <::> assigned to session
May 4 11:37:59 vpn.com.ar %ASA-6-302013: Built inbound TCP connection 12080263 for outside:x.x.x.x/65280 (x.x.x.x/65280) to DMZ-INTERNET:x.x.x.x/443 (200.45.27.230/443)
May 4 11:38:05 vpn.com.ar %ASA-6-302014: Teardown TCP connection 12080263 for outside:x.x.x.x/65280 to DMZ-INTERNET:x.x.x.x/443 duration 0:00:05 bytes 20217 TCP FINs
May 4 11:39:00 vpn.com.ar %ASA-6-302013: Built inbound TCP connection 12081870 for outside:x.x.x.x/65320 (x.x.x.x/65320) to DMZ-INTERNET:x.x.x.x/443 (200.45.27.230/443)
May 4 11:39:01 vpn.com.ar %ASA-6-302013: Built inbound TCP connection 12081878 for outside:x.x.x.x/65323 (x.x.x.x/65323) to DMZ-INTERNET:x.x.x.x/443 (200.45.27.230/443)
May 4 11:39:02 vpn.com.ar %ASA-6-302014: Teardown TCP connection 12081870 for outside:x.x.x.x/65320 to DMZ-INTERNET:x.x.x.x/443 duration 0:00:01 bytes 16213 TCP FINs
Thanks a lot!
05-04-2017 08:56 AM
Hi,
Can you reduce the MTU value of your AnyConnect session using the command below? Test and see if it resolves the problem. Another option is to try disabling DTLS.
group-policy ac_users_group attributes
webvpn
anyconnect mtu 1300
05-04-2017 11:30 AM
Hello Mohammed! I have just configured it as you told me, but it's not working.
ASAITALTEL(config-group-webvpn)# sh run group-policy GP-CORPORATIVO
group-policy GP-CORPORATIVO internal
group-policy GP-CORPORATIVO attributes
dns-server value 10.0.0.5
vpn-idle-timeout 180
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_VPN_SPLIT_CORPORATIVO
default-domain value italtel.com.ar
webvpn
anyconnect ssl dtls none
anyconnect mtu 1331
anyconnect ssl keepalive 15
anyconnect dpd-interval client 5
anyconnect dpd-interval gateway 5
anyconnect ssl compression none
anyconnect ask enable
anyconnect ssl df-bit-ignore enable
05-04-2017 11:35 AM
Use DART and try to look at the logs to see the reason for disconnection.
05-04-2017 01:44 PM
Hi Mohammed! I could install DART, and here you can see the problem:
May 4 17:16:00 iqac099004 acvpnui[3891]: Message type information sent to the user: Establishing VPN...
May 4 17:16:00 iqac099004 acvpnagent[3373]: The VPN connection has been established and can now pass data.
May 4 17:16:00 iqac099004 acvpnagent[3373]: The Primary DTLS connection to the secure gateway is being established.
May 4 17:16:00 iqac099004 acvpnagent[3373]: Function: initiateTransport File: ../../vpn/Agent/DtlsTunnelTransport.cpp Line: 222 Opened DTLS socket from [10.3.0.17]:46672 to [x.x.x.x]:443
May 4 17:16:00 iqac099004 acvpnui[3891]: VPN state: Connected Network state: Network Accessible Network control state: Network Access: Restricted Network type: Undefined
May 4 17:16:00 iqac099004 acvpnui[3891]: Using default preferences. Some settings (e.g. certificate matching) may not function as expected if a local profile is expected to be used. Verify that the selected host is in the server list section of the profile and that the profile is configured on the secure gateway.
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: getProfileNameFromHost File: ../../vpn/Api/ProfileMgr.cpp Line: 808 No profile available for host vpn.italtel.com.ar.
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: getHostInitSettings File: ../../vpn/Api/ProfileMgr.cpp Line: 888 Profile () not found. Using default settings.
May 4 17:16:00 iqac099004 acvpnui[3891]: Message type information sent to the user: Connected to vpn.italtel.com.ar.
May 4 17:16:00 iqac099004 acvpnagent[3373]: A routing table change notification has been received. Starting automatic correction of the routing table.
May 4 17:16:00 iqac099004 acvpndownloader[4069]: Function: WaitForCompletion File: ../../vpn/Common/Utility/Thread.cpp Line: 286 The thread has successfully completed execution.
May 4 17:16:00 iqac099004 acvpndownloader[4069]: Cisco AnyConnect Secure Mobility Client Downloader (VPN) exiting, version 4.4.02039 , return code 0 [0x00000000]
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: launchCachedDownloader File: ../../vpn/Api/ConnectMgr.cpp Line: 7171 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 0 (0x00000000) Description: Cached Downloader terminated normally
May 4 17:16:00 iqac099004 acvpnui[3891]: Using default preferences. Some settings (e.g. certificate matching) may not function as expected if a local profile is expected to be used. Verify that the selected host is in the server list section of the profile and that the profile is configured on the secure gateway.
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: getProfileNameFromHost File: ../../vpn/Api/ProfileMgr.cpp Line: 808 No profile available for host vpn.italtel.com.ar.
May 4 17:16:00 acvpnui[3891]: last message repeated 2 times
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: reloadPreferencesAfterUpdates File: ../../vpn/Api/ConnectMgr.cpp Line: 9665 Secure gateway (vpn.italtel.com.ar) was not found in profile .
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: getProfileNameFromHost File: ../../vpn/Api/ProfileMgr.cpp Line: 808 No profile available for host vpn.italtel.com.ar.
May 4 17:16:00 iqac099004 acvpnui[3891]: Function: getHostInitSettings File: ../../vpn/Api/ProfileMgr.cpp Line: 888 Profile () not found. Using default settings.
May 4 17:16:00 iqac099004 acvpnui[3891]: VPN state: Connected Network state: Network Accessible Network control state: Network Access: Restricted Network type: Undefined
May 4 17:16:00 iqac099004 acvpnagent[3373]: Automatic correction of the routing table has been successful.
May 4 17:16:00 iqac099004 acvpnagent[3373]: Function: OnIpcMessageReceived File: ../../vpn/Common/IPC/IPCDepot.cpp Line: 1070 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -33292279 (0xFE040009) Description: IPCTRANSPORT_ERROR_UNEXPECTED
May 4 17:16:00 iqac099004 acvpnagent[3373]: Function: writeSocketBlocking File: ../../vpn/Common/IPC/UdpTcpTransports_unix.cpp Line: 426 Invoked Function: ::write Return Code: 104 (0x00000068) Description: unknown
May 4 17:16:00 iqac099004 acvpnagent[3373]: Function: terminateIpcConnection File: ../../vpn/Common/IPC/IPCTransport.cpp Line: 416 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341 (0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE
May 4 17:16:00 iqac099004 acvpnui[3891]: Message type information sent to the user: Connected to vpn.italtel.com.ar.
May 4 17:16:02 iqac099004 acvpnagent[3373]: A routing table change notification has been received. Starting automatic correction of the routing table.
May 4 17:16:02 iqac099004 acvpnagent[3373]: Automatic correction of the routing table has been successful.
May 4 17:16:03 iqac099004 ntpd[2203]: Listen normally on 8 cscotun0 10.3.0.17 UDP 123
May 4 17:16:03 iqac099004 ntpd[2203]: Listen normally on 9 cscotun0 fe80::22ff:78f4:4393:84e1 UDP 123
May 4 17:16:03 iqac099004 ntpd[2203]: peers refreshed
May 4 17:16:03 iqac099004 ntpd[2203]: new interface(s) found: waking up resolver
May 4 17:16:03 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:08 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:09 iqac099004 snmpd[1274]: IfIndex of an interface changed.
May 4 17:16:13 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:15 iqac099004 acvpnagent[3373]: Function: OnTimerExpired File: ../../vpn/Agent/TunnelProtocolDpdMgr.cpp Line: 296 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -26017782 (0xFE73000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure gateway failed to respond to Dead Peer Detection packets. SSL/CSTP
May 4 17:16:15 iqac099004 acvpnagent[3373]: Function: OnTunnelStatusChange File: ../../vpn/Agent/TunnelStateMgr.cpp Line: 1362 Invoked Function: Tunnel status change callback status Return Code: -26017782 (0xFE73000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure gateway failed to respond to Dead Peer Detection packets. SSL
May 4 17:16:15 iqac099004 acvpnagent[3373]: Tunnel level reconnect reason code 6: Disruption of the VPN connection to the secure gateway. Caching the default reconnect reason for SSL
May 4 17:16:15 iqac099004 acvpnagent[3373]: The Primary SSL connection to the secure gateway is being re-established.
May 4 17:16:15 iqac099004 acvpnagent[3373]: The VPN client has sent the following close message to the gateway: Reconnecting to recover from error.
May 4 17:16:15 iqac099004 acvpnagent[3373]: A SSL Alert was sent by the client during a write operation. Severity: warning Description: close notify
May 4 17:16:15 iqac099004 acvpnui[3891]: VPN state: Reconnecting Network state: Network Accessible Network control state: Network Access: Restricted Network type: Undefined
May 4 17:16:15 iqac099004 acvpnui[3891]: Message type information sent to the user: Reconnecting to vpn.italtel.com.ar...
May 4 17:16:15 iqac099004 acvpnagent[3373]: Function: STLoadLibrary File: ../../vpn/Common/Utility/Win/HModuleMgr.cpp Line: 149 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: libz.so: cannot open shared object file: No such file or directory
May 4 17:16:15 iqac099004 acvpnagent[3373]: Function: LoadLibrary File: ../../vpn/Agent/CZLib.cpp Line: 242 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
May 4 17:16:15 iqac099004 acvpnagent[3373]: Function: CCstpProtocol File: ../../vpn/Agent/CstpProtocol.cpp Line: 309 Invoked Function: CZLib Return Code: -31981557 (0xFE18000B) Description: CZLIB_ERROR_LOAD_LIBRARY
May 4 17:16:18 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/SslTunnelTransport.cpp Line: 363 Invoked Function: CTcpTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/TlsProtocol.cpp Line: 549 Invoked Function: CSocketTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/CstpProtocol.cpp Line: 1258 Invoked Function: OnTunnelInitiateComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT callback
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/TunnelStateMgr.cpp Line: 1210 Invoked Function: Initiate tunnel callback status Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT SSL tunnel state 4
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: terminateTunnel File: ../../vpn/Agent/CstpProtocol.cpp Line: 500 Tunnel going down without close-message being sent
May 4 17:16:23 iqac099004 acvpnagent[3373]: Function: OnTimerExpired File: ../../vpn/Common/IPC/SocketTransport.cpp Line: 1685 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:23 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:25 iqac099004 acvpnagent[3373]: Function: STLoadLibrary File: ../../vpn/Common/Utility/Win/HModuleMgr.cpp Line: 149 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: libz.so: cannot open shared object file: No such file or directory
May 4 17:16:25 iqac099004 acvpnagent[3373]: Function: LoadLibrary File: ../../vpn/Agent/CZLib.cpp Line: 242 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
May 4 17:16:25 iqac099004 acvpnagent[3373]: Function: CCstpProtocol File: ../../vpn/Agent/CstpProtocol.cpp Line: 309 Invoked Function: CZLib Return Code: -31981557 (0xFE18000B) Description: CZLIB_ERROR_LOAD_LIBRARY
May 4 17:16:28 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/SslTunnelTransport.cpp Line: 363 Invoked Function: CTcpTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/TlsProtocol.cpp Line: 549 Invoked Function: CSocketTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/CstpProtocol.cpp Line: 1258 Invoked Function: OnTunnelInitiateComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT callback
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/TunnelStateMgr.cpp Line: 1210 Invoked Function: Initiate tunnel callback status Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT SSL tunnel state 4
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: terminateTunnel File: ../../vpn/Agent/CstpProtocol.cpp Line: 500 Tunnel going down without close-message being sent
May 4 17:16:33 iqac099004 acvpnagent[3373]: Function: OnTimerExpired File: ../../vpn/Common/IPC/SocketTransport.cpp Line: 1685 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:33 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:37 iqac099004 acvpnagent[3373]: Function: STLoadLibrary File: ../../vpn/Common/Utility/Win/HModuleMgr.cpp Line: 149 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: libz.so: cannot open shared object file: No such file or directory
May 4 17:16:37 iqac099004 acvpnagent[3373]: Function: LoadLibrary File: ../../vpn/Agent/CZLib.cpp Line: 242 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
May 4 17:16:37 iqac099004 acvpnagent[3373]: Function: CCstpProtocol File: ../../vpn/Agent/CstpProtocol.cpp Line: 309 Invoked Function: CZLib Return Code: -31981557 (0xFE18000B) Description: CZLIB_ERROR_LOAD_LIBRARY
May 4 17:16:38 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:43 iqac099004 pulseaudio[1323]: [pulseaudio] protocol-native.c: Denied access to client with invalid authorization data.
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/SslTunnelTransport.cpp Line: 363 Invoked Function: CTcpTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTransportInitiateComplete File: ../../vpn/Agent/TlsProtocol.cpp Line: 549 Invoked Function: CSocketTransport::initiateTransport Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/CstpProtocol.cpp Line: 1258 Invoked Function: OnTunnelInitiateComplete Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT callback
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/TunnelStateMgr.cpp Line: 1210 Invoked Function: Initiate tunnel callback status Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT SSL tunnel state 4
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTunnelStatusChange File: ../../vpn/Agent/TlsTunnelMgr.cpp Line: 1475 Invoked Function: CTunnelStateMgr::OnTunnelStatusChange Return Code: -31850486 (0xFE1A000A) Description: TUNNELSTATEMGR_ERROR_RECONNECT_LIMIT_EXCEEDED callback
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnVpnTunnelStatusChange File: ../../vpn/Agent/VpnMgr.cpp Line: 6064 Invoked Function: CVpnMgr::OnVpnTunnelStatusChange Return Code: -31850486 (0xFE1A000A) Description: TUNNELSTATEMGR_ERROR_RECONNECT_LIMIT_EXCEEDED
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnVpnTunnelStatusChange File: ../../vpn/Agent/VpnMgr.cpp Line: 6094 The current gateway IP address has become unreachable, will attempt reconnect to the failover address, if feasible
May 4 17:16:45 iqac099004 acvpnagent[3373]: Session level reconnect reason code 6: Disruption of the VPN connection to the secure gateway. Originates from tunnel level
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTimerExpired File: ../../vpn/Common/IPC/SocketTransport.cpp Line: 1685 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
May 4 17:16:45 iqac099004 acvpnagent[3373]: The entire VPN connection is being re-established.
May 4 17:16:45 iqac099004 acvpnagent[3373]: The Primary DTLS connection to the secure gateway is being torn down.
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/CdtpProtocol.cpp Line: 538 Invoked Function: OnTunnelInitiateComplete Return Code: -31588328 (0xFE1E0018) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_TERMINATED:The socket transport's terminate connection function has been invoked. callback
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: OnTunnelInitiateComplete File: ../../vpn/Agent/TunnelStateMgr.cpp Line: 1199 Invoked Function: Initiate tunnel callback status Return Code: -31588328 (0xFE1E0018) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_TERMINATED:The socket transport's terminate connection function has been invoked. initiate already timed out for DTLS
May 4 17:16:45 iqac099004 acvpnagent[3373]: The Primary DTLS connection to the secure gateway is down.
May 4 17:16:45 iqac099004 acvpnagent[3373]: The Primary SSL connection to the secure gateway is being torn down.
May 4 17:16:45 iqac099004 acvpnagent[3373]: Function: terminateTunnel File: ../../vpn/Agent/CstpProtocol.cpp Line: 500 Tunnel going down without close-message being sent
May 4 17:16:45 iqac099004 acvpnagent[3373]: The Primary SSL connection to the secure gateway is down.
05-04-2017 07:04 PM
Hi,
Please try applying these commands on your ASA.
webvpn
anyconnect ssl keepalive 15
anyconnect dpd-interval client 5
anyconnect dpd-interval gateway 5
Also, in your split tunneling ACLs, do you have subnets which overlap with your home LAN? This might cause a routing problem because AnyConnect will install a route on your machine which overlaps with your home LAN.
Can you confirm this by sharing the output of netstat -rn from your Ubuntu machine before the client disconnects?
05-05-2017 07:51 AM
Hi Mohamed! The configuration is as you said, isn't it?
ASAITALTEL(config-group-webvpn)# sh run group-policy GP-CORPORATIVO
group-policy GP-CORPORATIVO internal
group-policy GP-CORPORATIVO attributes
dns-server value 10.0.0.5
vpn-idle-timeout 180
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL_VPN_SPLIT_CORPORATIVO
default-domain value italtel.com.ar
webvpn
anyconnect ssl dtls none
anyconnect mtu 1331
anyconnect ssl keepalive 15
anyconnect dpd-interval client 5
anyconnect dpd-interval gateway 5
anyconnect ssl compression none
anyconnect ask enable
anyconnect ssl df-bit-ignore enable
The command netstat -nr:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 30.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 cscotun0
10.3.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.48.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.49.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.50.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.51.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.52.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.53.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.54.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.55.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.56.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.57.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.58.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.59.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.75.64.251 0.0.0.0 255.255.255.255 UH 0 0 0 cscotun0
10.75.64.252 0.0.0.0 255.255.255.255 UH 0 0 0 cscotun0
10.75.246.104 0.0.0.0 255.255.255.254 U 0 0 0 cscotun0
30.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
30.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
138.132.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
138.132.129.0 0.0.0.0 255.255.255.128 U 0 0 0 cscotun0
138.132.132.1 0.0.0.0 255.255.255.255 UH 0 0 0 cscotun
Thank you! On all machines with Windows it is working fine.
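Added example (not part of any post in this thread): one way to run the split-tunnel overlap check suggested above over `netstat -rn` output. The function names, the `cscotun` interface prefix argument and the second routing table are assumptions made for illustration; the first table is abbreviated from the one posted in the thread.

```python
import ipaddress

# Abbreviated from the `netstat -rn` output posted in the thread.
POSTED = """\
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 30.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 cscotun0
10.3.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
30.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
30.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
138.132.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
"""

# Constructed sample: same tunnel routes, but the client is on a
# 10.0.5.0/24 home LAN that falls inside the 10.0.0.0/16 tunnel route.
CONSTRUCTED_HOME = """\
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.5.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
10.0.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
138.132.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cscotun0
"""


def parse_routes(text):
    """Return (network, gateway, iface) tuples from `netstat -rn` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or a truncated row
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # column header row
        routes.append((net, fields[1], fields[7]))
    return routes


def find_overlaps(text, tunnel_prefix="cscotun"):
    """List tunnel routes that overlap a directly attached local network.

    The default route (prefix length 0) is skipped on the local side
    because it overlaps every network by definition.
    """
    routes = parse_routes(text)
    tunnel = [r for r in routes if r[2].startswith(tunnel_prefix)]
    local = [r for r in routes
             if not r[2].startswith(tunnel_prefix) and r[0].prefixlen > 0]
    hits = []
    for tnet, _, tif in tunnel:
        for lnet, _, lif in local:
            if tnet.overlaps(lnet):
                hits.append((str(tnet), tif, str(lnet), lif))
    return hits


if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("constructed", CONSTRUCTED_HOME)):
        print(name, find_overlaps(table) or "no overlap")
```

On the table posted in the thread the check finds no overlap between the `cscotun0` routes and the `30.0.0.0/24` local network; the constructed table shows what a conflicting home LAN looks like.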
03-08-2018 03:43 PM
We had the same problem. Try disabling the DPD timers on webvpn. It worked for us. Thanks.