Cisco Anyconnect VPNClient Problem

Unanswered Question

Hi everybody!

Some of our users need to use the Cisco Anyconnect SSL VPN Client to connect to network of a business partner. This works without problems on most of the machines, however on some machines, the client is not able to connect to the VPN.

On those machines, user get two error messages saying "The VPN client is unable to establish a connection" and "Unable to establish VPN".

All Clients run Windows Vista Enterprise (x86 and x64) and use Cisco Anyconnect VPNClient Version 2.4.0202.

According to the logs on the client machines, i think that there is a problem regarding the source ip address, the client is using to connect to the VPN Server (because this is something that differs between the logs of a working and the logs of a not-working client)

If the client is able to connect, the eventlog entry looks like this:

Function: CSslTunnelTransport::postSocketConnectProcessing
File: .\SslTunnelTransport.cpp
Line: 1360
Opened SSL socket from to [Server IP]

If the client is not able to connect, the eventlog entry looks like this:

Function: CSslTunnelTransport::postSocketConnectProcessing
File: .\SslTunnelTransport.cpp
Line: 1360
Opened SSL socket from to [Server IP]

Could the use of the loopback address be the problem or has someone experienced something similar?

I can rule-out local and perimeter firewalls and any other network security device that is in use. In addition, the clients are deployed with a standardized image, so there is no difference regarding installed software.

Thanks for any help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Wed, 01/20/2010 - 09:05

I've found that the AnyConnect client is a little flakey and an upgrade usually fixes most issues. Can you upgrade the client on one machine to the latest version and test?

Richard Burts Fri, 01/22/2010 - 05:49

I would certainly think that use of the loopback would be problematic in attempting to establish a VPN connection. I am not sure why some clients would do this. I wonder if the output of ipconfig and of route print (or equivalents from Vista) would provide a clue about the problem.

And the advice from Collin might be helpful. It sometimes does solve problems to to to a more recent version of code.



Richard Burts Wed, 01/27/2010 - 09:09


Can your verify that the users who are having the problem have correct IP addresses assigned/configured?

At the time when the user has the problem can you verify that they have connectivity to the remote concentrator address? If they open a browser and https to the remote name/address, what do they get in the browser? (if they have proper connectivity they should get a login prompt from the remote concentrator)



a.brazendale Mon, 03/22/2010 - 11:50


A question for the OP, was this issue resolved? I have a handful of clients at one company who run XP Pro and they are having this problem. I can't replicate the problem here with an XP machine. Their accounts and connectivity to the ASA are fine. They can browse to the webvpn page no problem and log in - just they can't connect using the AnyConnect software. We've tried various versions, including 2.4.1012



Jennifer Halim Mon, 03/29/2010 - 01:32

The Windows Vista PC that were having problem connecting via AnyConnect, were they an upgrade from Windows XP? If they are, and they have AnyConnect installed prior, it needs to be uninstall prior to upgrading to Windows Vista as per the AnyConnect release notes:

Also, you might want to double check that the Vista is either with SP2 or Vista SP 1 with KB952876.


This Discussion