Cisco AnyConnect VPN Client keeps reconnecting

Answered Question
Apr 4th, 2011

Hi,

Recently we've installed an ASA5505 and enabled VPN access.

Two of my colleagues have no problems connecting to the VPN using the Cisco AnyConnect VPN Client but I do.

I always get disconnected after a few seconds with the message:

"A VPN reconnect resulted in different configuration settings. The VPN network interface is being re-initialized. Applications utilizing the private network may need to be restarted."

Cisco AnyConnect VPN Client Version 2.5.2019

I'm working with Windows 7 but the the same thing happens when I try to connect using my home computer that is running Windows Vista.

My colleagues also use Win7

I also tried disabling Windows Firewall.

Any help would be appreciated.

Best regards,

Peter

I have this problem too.
0 votes
Correct Answer by rknutsen about 3 years 5 hours ago

TAC was able to solve issue.   Needed to changed webvpn mtu from default of 1406 to 1200.

Not sure why 2 other ASAs we have work fine with default though!

webvpn
  svc mtu 1200 

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
Richard Burts Tue, 04/05/2011 - 14:37

Peter

I wonder if there is significance that 2 of your colleagues work and you do not? By default the ASA has licenses for 2 SSL VPN connections (which would be AnyConnect). Does this ASA have additional licenses for SSL/AnyConnect?

If you are not sure, the answer can be found in the output of show version (and depending on the version of code running in the ASA also in output of show license).

HTH

Rick

pdobbelaere Wed, 04/06/2011 - 00:24

Hi Richard,

We do have indeed only 2 licenses.

But what I've meant is that I could logon to AnyConnect VPN with my credentials on my colleague's PC. Meaning that VPN itself seems to be working ok.

Best regards,

Peter

Richard Burts Wed, 04/06/2011 - 07:44

Peter

Thanks for the additional information.

I wonder if there are any helpful messages in the log of the ASA. Perhaps you could have someone monitoring or capturing the logs of the ASA while you attempt your VPN connection. (That does assume that you have enabled logging on the ASA at an appropriate level.)

I also wonder what would be the result if you were to reboot the ASA and then were to connect to VPN from your PC before your colleagues connect to VPN from their PCs.

HTH

Rick

rknutsen Tue, 04/12/2011 - 07:16

Having same issue with only Windows 7 clients.   Running anyconnect-win-2.5.2019-k9.

Have two other ASAs running same IOS and same anyconnect version.   Windows 7 users connect fine to there.

Just opened case with TAC.

Correct Answer
rknutsen Tue, 04/12/2011 - 10:37

TAC was able to solve issue.   Needed to changed webvpn mtu from default of 1406 to 1200.

Not sure why 2 other ASAs we have work fine with default though!

webvpn
  svc mtu 1200 

pdobbelaere Wed, 04/13/2011 - 01:51

Thanks!

Changing the MTU size did indeed solve the problem. Great!

Never would have figured that out by myself :-)

jbburks Sat, 02/11/2012 - 06:51

Is there any way we can change this on the PC client, rather than on the ASA/tunnel configuration?

The AT&T/Novatel MiFi apparently has an MTU of 1200. We don't want to set everyone down to that low.

nevinma223 Mon, 04/02/2012 - 09:17

the root cause of this problem is the incorrect MTU value. So the only thing you need to do is updating your MTU value in local machine to a correct one. Let's take an example in Windows7 x64 professional

Step 1, use the following command to check the MTU value in your machine:

netsh interface ipv4 show subinterfaces

That might be multiple network adapters displayed, check the value of Cisco Anyconnect adapter.

In my machine, that is a huge one containing at least 10 digits.

Step 2, set the MTU value to a resonable one by the following command:

netsh interface ipv4 set subinterface "loopback pseudo-interface 1" mtu=1273 store=persistent

"loopback pseudo-interface 1" is the network adapter name for Cisco Anyconnect.

1273 is the appropriate MTU value i got from another machine which works fine with Cisco Anyconnect.

The value might vary from machine to machine, but i am sure you can find the correct one.

Actions

Login or Register to take actions

This Discussion

Posted April 4, 2011 at 6:23 AM
Stats:
Replies:8 Avg. Rating:5
Views:35716 Votes:0
Shares:1

Related Content

Discussions Leaderboard