Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2421
Views
0
Helpful
3
Replies

Anyconnect 2.4 Trusted Network Detection & SBL issue

roadhouse1387
Level 1
Level 1

‎02-08-2010 06:59 AM - edited ‎02-21-2020 04:29 PM

Hi Guys,


I have Anyconnect premium clients connecting to my ASA 8.2(1) with Start Before Login which is working fine.


The new trusted Network Detection feature in 2.4 is something we would like to deploy. In testing, when we move a host pc from untrusted to trusted networks, we are finding that the TND does work but that it does not prevent the SBL gui from opening (which it is supposed to do). At this point, the host pc pauses for some time then returns an error saying 'VPN agent is not responding'. The host pc then crashes and has to be rebooted and logged in on the untrusted network before TND can be removed to allow any operation at all on the trusted network.


So it seems as if the anyconnect client is recognising that it is now on a trusted network and closing down the VPN agent service but it is not preventing SBL from operating, which  is crashing because it cant contact the VPN agent service.


Has anyone else seen this behaviour before and can suggest a workaround or fix ? or have I found a bug ?


I have looked in the release notes and on TAC but with no luck.


Cheers

Labels:
0 Helpful
3 Replies 3

Mark Fontenot
Level 1
Level 1

‎02-23-2010 10:30 AM

Hi RoadHouse,

I'm having this exact issue.  No one's replied here, have you found a solution, yet?

Thanks

Mark

0 Helpful

roadhouse1387
Level 1
Level 1
In response to Mark Fontenot

‎02-24-2010 01:30 AM

Hi Mark,

Actually, yes (thanks for the jolt, I should have posted this as soon as I found out...sorry guys).

I had a chat with some Cisco guys and it is a bug which is fixed in 2.5 due out around March/April (although I dont think there is a firm date for this so dont take it as gospel)

Hope this helps

Cheers

Shaun

0 Helpful

Atri Basu
Cisco Employee
Cisco Employee
In response to roadhouse1387

‎08-22-2010 08:33 AM

A quick FYI. The Anyconnect 2.5.0217 is out and it has a fix for CSCtd47600, which I think describes the issue you mention here.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents