IP Communicator kills Anyconnect VPN Connection

Answered Question
May 13th, 2010

Anyconnect version 2.5.0217

ASA 8.0.5

IP Communicator 2.1.4

Connecting with Anyconnect and can access my remote network ok. If I launch IP Communicator it fails to register and my remote access via Anyconnect stops working. I need to close IP Communicator and restart Anyconnect to get my connection back. IP Communicator works just fine with the ipsec client. Any ideas?

Correct Answer
JORGE RODRIGUEZ Thu, 05/13/2010 - 15:04

Hi Adam, long time friend !!

Sounds like a bug. I did a search in the database, and this one resembles the behaviour.

Bug ID: CSCte42788

ASA anyconnect DTLS CONN is torn down when tftp error MSG is rvd- CIPC
Symptom:

ASA with anyconnect DTLS connection, when tftp
inspection is enabled, if a TFTP file transfer is attempted
from the anyconnect client and if the file is not
found (or results in any TFTP error message returned), it
will intermittently disconnect the DTLS session also.

This will cause a temporary stoppage of traffic flow
as anyconnect client re-establishes the connection.

This is commonly seen in Cisco IP communicator when it tries to use
TFTP and the file is not on the TFTP server (call manager).

Conditions:

1) TFTP from client and results in a TFTP error message
2) TFTP inspection is enabled

Workaround:

1) Disable TFTP inspection
2) Use TLS instead of DTLS

Best Regards

Jorge

acomiskey Fri, 05/14/2010 - 05:54

Thanks Jorge, haven't been around for a while, nice to see you guys haven't lost your touch!

Disabling tftp inspection on the ASA did the trick!
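
As an added example (not part of the thread and not Cisco's code), the following audits a saved ASA running-config for the second condition listed in the bug, TFTP inspection being enabled, and emits the config-mode lines for workaround 1. The sample config is constructed from the stock default inspection policy, and the function names are hypothetical.

```python
import re

# Constructed sample: stock ASA default inspection policy (not from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
  inspect skinny
  inspect tftp
!
service-policy global_policy global
"""

def find_tftp_inspection(config):
    """Return (policy_map, class_name, applied) for every 'inspect tftp' line."""
    # Policy-maps only take effect once a service-policy line references them.
    applied = set(re.findall(r"^service-policy (\S+) ", config, re.M))
    hits, pmap, cls = [], None, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the open block
            # Skip 'policy-map type inspect ...' maps; they hold parameters only.
            m = re.match(r"policy-map (?!type )(\S+)", line)
            pmap, cls = (m.group(1) if m else None), None
        elif pmap and (m := re.match(r" class (\S+)", line)):
            cls = m.group(1)
        elif pmap and cls and line.strip() == "inspect tftp":
            hits.append((pmap, cls, pmap in applied))
    return hits

def workaround_commands(hits):
    """Config-mode lines that remove TFTP inspection from each applied policy."""
    cmds = []
    for pmap, cls, applied in hits:
        if applied:
            cmds += [f"policy-map {pmap}", f" class {cls}", "  no inspect tftp"]
    return cmds

if __name__ == "__main__":
    hits = find_tftp_inspection(SAMPLE_CONFIG)
    for pmap, cls, applied in hits:
        print(f"inspect tftp in {pmap}/{cls} (applied: {applied})")
    print("\n".join(workaround_commands(hits)))
```

With TFTP inspection removed, the ASA no longer opens the TFTP secondary channel dynamically, so any TFTP that must traverse the firewall needs to be permitted explicitly.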
