Problem with Anyconnect client

Jul 23rd, 2010

Hi,


We are having problems with Anyconnect client after upgrading from 2.4.x to 2.5.0217, but only on some computers.


We've made tests on some computers and it works fine, but on two PCs there is a problem which we can see on the ASA like this:

4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = xxx, IP = x.x.x.x, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported


When we investigate, we compare the log when it works with the log where the problem exists:

When it works, the log is like this: (on the first PC)

6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.168.6.41 from local pool
6|Jul 23 2010|10:10:44|725002|93.103.83.19|1892|||Device completed SSL handshake with client OUTSIDE:93.103.83.19/1892
6|Jul 23 2010|10:10:44|725001|93.103.83.19|1892|||Starting SSL handshake with client OUTSIDE:93.103.83.19/1892 for TLSv1 session.


When it doesn't work, the client terminates without any understandable explanation: (on the second PC)

6|Jul 22 2010|12:01:07|725007|89.212.105.141|1259|||SSL session with client OUTSIDE:89.212.105.141/1259 terminated.
6|Jul 22 2010|12:01:07|725002|89.212.105.141|1267|||Device completed SSL handshake with client OUTSIDE:89.212.105.141/1259
6|Jul 22 2010|12:01:07|725001|89.212.105.141|1267|||Starting SSL handshake with client OUTSIDE:89.212.105.141/1259 for TLSv1 session


It seems that when it doesn't work, the client doesn't get an IP address. We have tried many times on both PCs and the result is always the same. The first PC works, the second does not.


Any similar problem, any idea?


BR,  Marko
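As an added example (not part of the original post and not Cisco code): a small Python triage of ASDM-style pipe-delimited log lines like those above, listing pool assignments (737026), 113019 disconnect reasons, and client endpoints whose SSL session was terminated (725007) after a completed handshake (725002). The sample lines are constructed, and the nine-field layout is an assumption taken from the lines shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the pipe-delimited layout shown in the post
# (documentation-range addresses, made-up username).
SAMPLE = """\
6|Jul 23 2010|10:10:44|725001|198.51.100.19|1892|||Starting SSL handshake with client OUTSIDE:198.51.100.19/1892 for TLSv1 session.
6|Jul 23 2010|10:10:44|725002|198.51.100.19|1892|||Device completed SSL handshake with client OUTSIDE:198.51.100.19/1892
6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.168.6.41 from local pool
6|Jul 22 2010|12:01:07|725001|203.0.113.141|1259|||Starting SSL handshake with client OUTSIDE:203.0.113.141/1259 for TLSv1 session
6|Jul 22 2010|12:01:07|725002|203.0.113.141|1259|||Device completed SSL handshake with client OUTSIDE:203.0.113.141/1259
6|Jul 22 2010|12:01:07|725007|203.0.113.141|1259|||SSL session with client OUTSIDE:203.0.113.141/1259 terminated.
4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = userB, IP = 203.0.113.141, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported
"""

DISCONNECT = re.compile(r"Username = ([^,]+), IP = ([^,]+),.*Reason: (.+)$")
ASSIGNED = re.compile(r"Client assigned (\S+) from local pool")

def triage(text):
    """Summarise SSL VPN session events; independent of line order."""
    seen = defaultdict(set)  # (client ip, port) -> SSL message IDs seen
    report = {"assigned": [], "disconnects": [], "terminated_after_handshake": []}
    for line in text.splitlines():
        fields = line.strip().split("|", 8)
        if len(fields) != 9:
            continue  # not a record in the assumed nine-field layout
        msg_id, src_ip, src_port, message = fields[3], fields[4], fields[5], fields[8]
        if msg_id in ("725001", "725002", "725007"):
            seen[(src_ip, src_port)].add(msg_id)
        elif msg_id == "737026" and (m := ASSIGNED.search(message)):
            report["assigned"].append(m.group(1))
        elif msg_id == "113019" and (m := DISCONNECT.search(message)):
            report["disconnects"].append(m.groups())  # (user, ip, reason)
    for endpoint, ids in seen.items():
        # Handshake completed and session torn down on the same ip/port
        if {"725002", "725007"} <= ids:
            report["terminated_after_handshake"].append(endpoint)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Message 737026 carries no client address in this layout, so assignments are listed rather than matched to an endpoint.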

Todd Pula Wed, 07/28/2010 - 11:46

Can you please provide additional details regarding your setup?  Are you doing any type of authorization on this ASA that might restrict users to a certain tunneling protocol?  Are you using CSD or DAP?

mtrcek Wed, 07/28/2010 - 23:55

We are using authentication from an OTP server and authorization based on user group in AD. We are checking DAP parameters for allowing users to connect and using cache cleaner, but we are not using CSD.


The main problem is making the upgrade, because the user needs administrator rights on the PC. So we suggested to our partner that their clients should do the upgrade manually, but the first one who made the upgrade had this issue. Before the upgrade everything was working fine and after the upgrade it was not. When we made this upgrade in a testing environment, everything was working fine.


Debug for DAP is OK and there are no other errors when we are debugging the connection.


M.
