cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
774
Views
0
Helpful
3
Replies

VPN Any connect shows up as connected but apparently not

venuzr_rao11
Level 1
Level 1

All

Thanks for taking the time to read this. 

I have a weird situation with regard to the Any connect client to connect to VPN.  Maybe the below chart can explain it easier.

Person\Machine                Her office  VPN          My Office VPN

Laptop (XP)                         No                            Yes

Desktop (Vista)                   Yes                          Yes

Using my work laptop (running Windows XP), my girlfriend is unable to connect to her office VPN.  The status shows up as "Connected" but she is unable to access resources on her office network or go on Remote desktop.  However, I am able to use the same laptop to connect to MY office vpn and access all the resources that I need to.

The flip side is that both of us can connect to our respective office VPNs (and access all resources including Remote desktop) using the AnyConnect client on my desktop.

I compared the network connections for the connections to her office from the laptop and also the desktop and the routing tables, the gateway look identical.  The major differences are

a) The desktop is on LAN while the laptop is on wireless.  Shouldn't matter as I can use it to connect anyway to my VPN

b)  The received bytes (from her gateway) on the laptop is in the region of around 5k while on the desktop it is around 1.2 MB.

So I am not sure that it is connected although the status does show up as connected.

Please advise

Thanks

-Venu

3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Venu,

Theory goes that Anyconnect should be agnostic of connection type it is on ... but indeed that would be nice to check - if wireless or cable works.

IMHO we'd need to have a look at the headend to see what's going on. I can think of a very easy scneario to make this happens. DAP + certificate check or CSD to name one.

Why do you think the client is problematic here?

Marcin

Marcin,

Thanks for responding.  I am not sure that it is the client but considering the amount of received bytes (5k Vs 1.2 MB), I am suspecting it is.

The trouble is that with the VPN Any connect client, I don't know where to look for the certificate.  Is there a a host entry /certificate/policy file

If there is, I could copy the entry from the working version into other.

Thanks

-Venu

Well honestly I would not go too far without knowing what is configured on the headend.

I would be suspicious of the client if sent bytes were low rather then received unless client firewall...this would not explain however why it's working for you

Anyconnect by default uses all cert stores ... if CSD is in the picture it would be visible... pre-login policies maybe (you'd land on different profiles)...

Too many possibilities without being able to correlate what's configured on the headend.

Marcin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: