Anyconnect loses connectivity to internal resources

Unanswered Question
Jun 30th, 2014
User Badges:

Hi All,

 

Has anyone ever had an Anyconnect VPN client just lose connectivity in the middle of a session?  The user connects via VPN fine all internal resources are available and they can get to things.  Within a certain time frame the user all of the sudden cannot get to internal resources, but tunnel is still established and connected.  They cannot ping internal resources nor can I ping the client IP of the user that is connected.  I see the connection still there within the CLI.  The user can log off and log back into the vpn and work again, but the issue may creep up again.  Any one else seen an issue like this?

 

Thanks,

 

Bill

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marius Gunnerud Tue, 07/01/2014 - 01:46
User Badges:
  • Red, 2250 points or more
  • Cisco Designated VIP,

    2017 Firewalling

I have seen issues where users were kicked off the VPN randomly but the cause of this was that the VPN IP pool was exhausted so they were not able to log back in.

Does this happen often?

Have you checked the logs for any anomalies or anything that might indicate a disconnection of some sort, even though the user account seems to still be connected?

--

Please remember to select a correct answer and rate helpful posts

wngwngwng Wed, 07/16/2014 - 12:56
User Badges:

The client side says it is connected and when I look at the ASA the username connected is still listed.  I'll have to check on the logs and such to see if there are any anomalies.

Dinesh Moudgil Thu, 07/17/2014 - 00:43
User Badges:
  • Cisco Employee,

Hi ,

 

I ran into a similar issue before and saw that user was shunned from the ASA and thus VPN session was up but traffic was not passing.
Try "show shun" to see if the client's IP is listed there or not.
If that does not help, run test traffic (continuous pings) from VPN client and run captures on inside interface (to see if the packets are reaching there). This will tell you if the packets are even reaching ASA .

Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
 

wngwngwng Thu, 10/30/2014 - 05:03
User Badges:

Our clients are Windows 7 and this doesn't happen to everybody if at all many.  On occasion I have had the Anyconnect client reinstalled on their workstations and it seemed to work.  Not sure if the Anyconnect service/drive gets messed up.  I haven't had the chance to packet capture the inside interface while the client was connected.  I figure if the problem was the ASA that more folks connecting would have the issue.

chrishoell1224 Wed, 10/29/2014 - 13:52
User Badges:

I am having the same issue with some windows 8.1 machines. Everyone else works fine. Concentrator and client both show connected but no traffic passes. disconnect and reconnect fixes the issue temporarily.

Have you gotten a resolution?

 

Show shun statistics shows 0 shuns...

 

vpnc60a# show shun stat
outside=OFF, cnt=0
inside=OFF, cnt=0
management=OFF, cnt=0

 

CH

wngwngwng Thu, 10/30/2014 - 05:06
User Badges:

I myself have not got a resolution yet except for having the client reinstalled and that isn't 100% guaranteed.  I have also seen where some setting or something with the user's home wifi router causing issues with VPN.

Actions

This Discussion