IP Communicator kills Anyconnect VPN Connection

Answered Question
May 13th, 2010

Anyconnect version 2.5.0217

ASA 8.0.5

IP Communicator 2.1.4


Connecting with Anyconnect and can access my remote network ok. If I launch IP Communicator it fails to register and my remote access via Anyconnect stops working. I need to close IP Communicator and restart Anyconnect to get my connection back. IP Communicator works just fine with the ipsec client. Any ideas?

Correct Answer by JORGE RODRIGUEZ about 7 years 1 month ago

Hi Adam, long time friend!!

Sounds like a bug. I did a search in the database; this one resembles the behaviour.

Bug ID: CSCte42788

ASA anyconnect DTLS CONN is torn down when tftp error MSG is rvd- CIPC

Symptom:

ASA with anyconnect DTLS connection, when tftp inspection is enabled, if a TFTP file transfer is attempted from the anyconnect client and if the file is not found (or results in any TFTP error message returned), it will intermittently disconnect the DTLS session also.

This will cause a temporary stoppage of traffic flow as anyconnect client re-establishes the connection.

This is commonly seen in Cisco IP communicator when it tries to use TFTP and the file is not on the TFTP server (call manager).

Conditions:

1) TFTP from client and results in a TFTP error message
2) TFTP inspection is enabled

Workaround:

1) Disable TFTP inspection
2) Use TLS instead of DTLS


Best Regards

Jorge

JORGE RODRIGUEZ Thu, 05/13/2010 - 15:04

acomiskey Fri, 05/14/2010 - 05:54

Thanks Jorge, haven't been around for a while, nice to see you guys haven't lost your touch!


Disabling tftp inspection on the ASA did the trick!
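
Added example, not part of the original thread: a Python check for the bug's second condition (TFTP inspection enabled) that reads a saved ASA running-config and reports every `inspect tftp` entry and whether its policy-map is actually applied by a `service-policy` command. The function name and the sample config are constructed for illustration; it assumes the usual `policy-map` / `class` / `inspect` layout of `show running-config` output.

```python
import re

# Constructed sample running-config (not from the thread): one policy-map is
# applied globally, the other is defined but never applied.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect tftp
  inspect skinny
policy-map lab_policy
 class inspection_default
  inspect tftp
!
service-policy global_policy global
"""


def tftp_inspection_findings(config_text):
    """Return (policy_map, class_name, applied) for each 'inspect tftp' line."""
    applied = set()   # policy-maps named by a service-policy command
    hits = []         # (policy_map, class_name) pairs that inspect TFTP
    pmap = cls = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # A top-level command ends any policy-map context.
            pmap = cls = None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                pmap = m.group(1)
            m = re.match(r"service-policy (\S+) (?:global|interface \S+)", line)
            if m:
                applied.add(m.group(1))
        elif pmap:
            words = line.split()
            if words[0] == "class" and len(words) > 1:
                cls = words[1]
            elif words == ["inspect", "tftp"] and cls:
                hits.append((pmap, cls))
    return [(p, c, p in applied) for p, c in hits]


if __name__ == "__main__":
    for pmap, cls, applied in tftp_inspection_findings(SAMPLE_CONFIG):
        state = "APPLIED" if applied else "not applied"
        print(f"inspect tftp in policy-map {pmap}, class {cls}: {state}")
```

An entry reported as applied is where the first workaround takes effect, by entering `no inspect tftp` under that class of the policy-map.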
