AnyConnect 2.4 Trusted Network Detection & SBL issue

Feb 8th, 2010

Hi Guys,

I have AnyConnect premium clients connecting to my ASA 8.2(1) with Start Before Login which is working fine.

The new Trusted Network Detection feature in 2.4 is something we would like to deploy. In testing, when we move a host PC from untrusted to trusted networks, we are finding that the TND does work but that it does not prevent the SBL GUI from opening (which it is supposed to do). At this point, the host PC pauses for some time then returns an error saying 'VPN agent is not responding'. The host PC then crashes and has to be rebooted and logged in on the untrusted network before TND can be removed to allow any operation at all on the trusted network.

So it seems as if the AnyConnect client is recognising that it is now on a trusted network and closing down the VPN agent service but it is not preventing SBL from operating, which is crashing because it can't contact the VPN agent service.

Has anyone else seen this behaviour before and can suggest a workaround or fix? Or have I found a bug?

I have looked in the release notes and on TAC but with no luck.


Mark Fontenot Tue, 02/23/2010 - 10:30

Hi RoadHouse,

I'm having this exact issue. No one's replied here; have you found a solution yet?



roadhouse1387 Wed, 02/24/2010 - 01:30

Hi Mark,

Actually, yes (thanks for the jolt, I should have posted this as soon as I found out...sorry guys).

I had a chat with some Cisco guys and it is a bug which is fixed in 2.5, due out around March/April (although I don't think there is a firm date for this so don't take it as gospel).

Hope this helps.



Atri Basu Sun, 08/22/2010 - 08:33
User Badges:
  • Cisco Employee,

A quick FYI. AnyConnect 2.5.0217 is out and it has a fix for CSCtd47600, which I think describes the issue you mention here.

