
Anyconnect loses connectivity to internal resources

wngwngwng
Level 1

Hi All,

Has anyone ever had an Anyconnect VPN client just lose connectivity in the middle of a session? The user connects via VPN fine, all internal resources are available, and they can get to things. Within a certain time frame the user all of a sudden cannot get to internal resources, but the tunnel is still established and connected. They cannot ping internal resources, nor can I ping the client IP of the user that is connected. I see the connection still there within the CLI. The user can log off and log back into the VPN and work again, but the issue may creep up again. Anyone else seen an issue like this?

Thanks,

Bill


I have seen issues where users were kicked off the VPN randomly but the cause of this was that the VPN IP pool was exhausted so they were not able to log back in.

Does this happen often?

Have you checked the logs for any anomalies or anything that might indicate a disconnection of some sort, even though the user account seems to still be connected?

--
Please remember to select a correct answer and rate helpful posts

The client side says it is connected and when I look at the ASA the username connected is still listed.  I'll have to check on the logs and such to see if there are any anomalies.

Hi,

I ran into a similar issue before and saw that the user was shunned from the ASA and thus the VPN session was up but traffic was not passing.
Try "show shun" to see if the client's IP is listed there or not.
If that does not help, run test traffic (continuous pings) from the VPN client and run captures on the inside interface (to see if the packets are reaching there). This will tell you if the packets are even reaching the ASA.

Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/


@Dinesh Moudgil wrote:

Try "show shun" to see if the client's IP is listed there or not.


Thank you Dinesh,

We had to change our VPN addresses a while back and forgot to update the shun exception. I know this was an old post, but it helped us out.

Hi @AlexOlson,

Glad this helped you.

Thanks,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Our clients are Windows 7 and this doesn't happen to everybody if at all many.  On occasion I have had the Anyconnect client reinstalled on their workstations and it seemed to work.  Not sure if the Anyconnect service/drive gets messed up.  I haven't had the chance to packet capture the inside interface while the client was connected.  I figure if the problem was the ASA that more folks connecting would have the issue.

chrishoell1224
Level 1

I am having the same issue with some Windows 8.1 machines. Everyone else works fine. Concentrator and client both show connected but no traffic passes. Disconnecting and reconnecting fixes the issue temporarily.

Have you gotten a resolution?

Show shun statistics shows 0 shuns...

vpnc60a# show shun stat
outside=OFF, cnt=0
inside=OFF, cnt=0
management=OFF, cnt=0

CH

I myself have not got a resolution yet except for having the client reinstalled, and that isn't 100% guaranteed. I have also seen where some setting or something with the user's home wifi router causes issues with VPN.
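The shun check suggested in the replies above (a client address listed in "show shun", and a shun exception left stale after the VPN addresses changed), as an added example that is not part of the original thread: it parses pasted `show shun` and `show shun statistics` output and reports shunned sources that fall inside the AnyConnect address pool. The pool 10.99.0.0/24, the sample output and the `show shun` line layout are assumptions; the statistics layout follows the output quoted in the thread.

```python
import ipaddress
import re

# Constructed sample output. The "show shun" line layout
# (shun (<interface>) <src> <dst> <sport> <dport> <proto>) is an assumption;
# the statistics layout follows the "show shun stat" output quoted in the thread.
SAMPLE_SHUN = """\
shun (outside) 192.0.2.45 0.0.0.0 0 0 0
shun (outside) 10.99.0.23 0.0.0.0 0 0 0
"""
SAMPLE_STATS = """\
outside=ON, cnt=14
inside=OFF, cnt=0
management=OFF, cnt=0
"""

SHUN_RE = re.compile(r"^\s*shun\s+\((?P<ifc>[^)]+)\)\s+(?P<src>\S+)", re.I)
STAT_RE = re.compile(r"^\s*(?P<ifc>[^=\s]+)=(?P<state>ON|OFF),\s*cnt=(?P<cnt>\d+)", re.I)

def parse_shun(text):
    """Return (interface, source address) for every shun entry in the text."""
    entries = []
    for line in text.splitlines():
        m = SHUN_RE.match(line)
        if not m:
            continue  # prompt, banner or blank line
        try:
            entries.append((m["ifc"], ipaddress.ip_address(m["src"])))
        except ValueError:
            continue  # second field is not an IP address
    return entries

def parse_stats(text):
    """Map interface name -> (shunning enabled, packet count)."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            stats[m["ifc"]] = (m["state"].upper() == "ON", int(m["cnt"]))
    return stats

def shunned_in_pool(shun_text, pool_cidrs):
    """Shun entries whose source lies in a VPN pool: tunnel up, traffic dropped."""
    pools = [ipaddress.ip_network(c) for c in pool_cidrs]
    return [(ifc, str(ip)) for ifc, ip in parse_shun(shun_text)
            if any(ip in p for p in pools)]

if __name__ == "__main__":
    print(shunned_in_pool(SAMPLE_SHUN, ["10.99.0.0/24"]), parse_stats(SAMPLE_STATS))
```

An empty result with every interface at `OFF, cnt=0`, as in the output posted above, rules shunning out and leaves the packet capture on the inside interface as the next step.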
