Problem with Anyconnect client

mtrcek
Level 1

Hi,

We are having problems with Anyconnect client after upgrading from 2.4.x to 2.5.0217, but only on some computers.

We've run tests on some computers and it works fine, but on two PCs there is a problem, which we can see on the ASA like this:

4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = xxx, IP = x.x.x.x, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported

When we investigated the logs, we compared the log when it works with the log where the problem exists:

When it works, the log is like this: (on the first PC)

6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.168.6.41 from local pool
6|Jul 23 2010|10:10:44|725002|93.103.83.19|1892|||Device completed SSL handshake with client OUTSIDE:93.103.83.19/1892
6|Jul 23 2010|10:10:44|725001|93.103.83.19|1892|||Starting SSL handshake with client OUTSIDE:93.103.83.19/1892 for TLSv1 session.

When it doesn't work, the client terminates without any understandable explanation: (on the second PC)

6|Jul 22 2010|12:01:07|725007|89.212.105.141|1259|||SSL session with client OUTSIDE:89.212.105.141/1259 terminated.
6|Jul 22 2010|12:01:07|725002|89.212.105.141|1267|||Device completed SSL handshake with client OUTSIDE:89.212.105.141/1259
6|Jul 22 2010|12:01:07|725001|89.212.105.141|1267|||Starting SSL handshake with client OUTSIDE:89.212.105.141/1259 for TLSv1 session

It seems that in the case when it doesn't work, the client doesn't get an IP address. We have tried many times on both PCs and the result is always the same. The first PC works, the second does not.

Any similar problem, any idea?

BR,  Marko
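The working-versus-failing log comparison in the post above can be scripted. The following is an added example, not part of the original thread and not Cisco tooling; it assumes the pipe-delimited field layout visible in the posted lines (severity, date, time, message ID, source IP, source port, two unused fields, message text), and the sample log lines are constructed with documentation addresses.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "severity date time msg_id src_ip src_port text")

def parse(log_text):
    """Parse pipe-delimited ASA log lines (layout assumed from the post)."""
    events = []
    for line in log_text.strip().splitlines():
        f = line.strip().split("|", 8)  # the message text is the 9th field
        if len(f) == 9 and f[3].isdigit():
            events.append(Event(f[0], f[1], f[2], f[3], f[4], f[5], f[8]))
    return events

def summarize(events):
    """Reduce one connection attempt to the facts the post compares."""
    s = {"handshake": False, "assigned_ip": None, "terminated": False, "reason": None}
    for e in events:
        if e.msg_id == "725002":      # device completed SSL handshake
            s["handshake"] = True
        elif e.msg_id == "725007":    # SSL session terminated
            s["terminated"] = True
        elif e.msg_id == "737026":    # IPAA: address assigned from local pool
            m = re.search(r"Client assigned (\S+) from", e.text)
            s["assigned_ip"] = m.group(1) if m else None
        elif e.msg_id == "113019":    # session disconnected, with a reason
            m = re.search(r"Reason: (.+)$", e.text)
            s["reason"] = m.group(1).strip() if m else None
    return s

def missing_in_failing(working, failing):
    """Message IDs present in the working attempt but absent from the failing one."""
    return sorted({e.msg_id for e in working} - {e.msg_id for e in failing})

# Constructed samples in the post's format (newest line first, as posted).
WORKING = """
6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.168.6.41 from local pool
6|Jul 23 2010|10:10:44|725002|192.0.2.10|1892|||Device completed SSL handshake with client OUTSIDE:192.0.2.10/1892
6|Jul 23 2010|10:10:44|725001|192.0.2.10|1892|||Starting SSL handshake with client OUTSIDE:192.0.2.10/1892 for TLSv1 session.
"""
FAILING = """
4|Jul 22 2010|12:04:23|113019|||||Group = EXAMPLE, Username = xxx, IP = 198.51.100.20, Session disconnected. Session Type: SSL, Reason: Client type not supported
6|Jul 22 2010|12:01:07|725007|198.51.100.20|1259|||SSL session with client OUTSIDE:198.51.100.20/1259 terminated.
6|Jul 22 2010|12:01:07|725002|198.51.100.20|1259|||Device completed SSL handshake with client OUTSIDE:198.51.100.20/1259
6|Jul 22 2010|12:01:07|725001|198.51.100.20|1259|||Starting SSL handshake with client OUTSIDE:198.51.100.20/1259 for TLSv1 session
"""

if __name__ == "__main__":
    ok, bad = parse(WORKING), parse(FAILING)
    print(summarize(ok), summarize(bad), missing_in_failing(ok, bad), sep="\n")
```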

2 Replies

Todd Pula
Level 7

Can you please provide additional details regarding your setup?  Are you doing any type of authorization on this ASA that might restrict users to a certain tunneling protocol?  Are you using CSD or DAP?

We are using authentication from an OTP server and authorization based on user group in AD. We are checking DAP parameters for allowing users to connect and using cache cleaner, but we are not using CSD.

The main problem is making the upgrade, because the user needs administrator rights on the PCs. So we suggested to our partner that their clients should do the upgrade manually, but the first one who made the upgrade was having this issue. Before the upgrade everything was working fine, and after the upgrade it was not. When we made this upgrade in the testing environment, everything was working fine.

Debug for DAP is OK and there are no other errors when we are debugging the connection.

M.