Cisco AnyConnect VPN client fails to connect on reboot

chrisk0011111 · ‎08-23-2016

Hi Guys,

I am have an intestesting issue i hope someone can help with.

My client is using the Cisco AnyConnect VPN Client in conjuctuion with an MYOB program. When my client attempts to lodge using MYOB first thing in the morning they recieve a message that the Cisco client cannot connect to the VPN tunnel, MYOB then crashes and closes and this happens each time they try and lodge.

I am able to correct the issue by reinstalling the VPN client, and getting my client not to reboot her computer. Is there something within Windows or in the VPN client software causing this issue and how can i rectify it?

If it helps there are two computers having this problem one running Windows 10 the other running Windows Vista.

Any help would be greatly appreciated.

LJ Gabrillo · ‎08-24-2016

Gosh the all hated Windows Vista, and the still baby Windows 10.
Config wise, i think there is no problem with your configuration considering it's working. So let's assume that atm.

May I ask what version of anyconnect you are calling out in your config?
If this is a router, the line should look like #crypto vpn anyconnect flash:anyconnect-win-4.2.00096-k9..pkg sequence 1
or if it's an ASA it should look like #anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1

What you can do:
1. Is your software auto-launch? i mean everytime your clients turns on their computer, it launches automatically. I suggest disabling that.

-Verify that your software is not running->Make the VPN AnyConnect is launched and connect first, THEN launch your own software.

2. Try using an upgraded AnyConnect package
-You can use multiple package so that your existing users wont get affected
FOR EXAMPLE:
(ill use an ASA as an example)

#webvpn
#enable outside
#tunnel-group-list enable
#anyconnect image disk0:/anyconnect-win-4.0.0000-k9.pkg 1
#anyconnect image disk0:/anyconnect-win-4.2.0000-k9.pkg 2
#anyconnect enable

-That number indicates the sequence(Priority) number if your curious

->On the systems that are having issues, uninstall their current anyonnect (w/c is 4.0) and install a version 4.2
->Your current clients with no issues( using 4.0) will not be affected since their image is still called :)

chrisk0011111 · ‎08-24-2016

Thanks for the reply LJ Gabrillo

Lol thats a relief at least i can rule out the config at the moment :)

We do not have a Cisco router or ASA in the equation at the moment, we have a Netcomm device handling all web traffic.

1. As far as i can remember the anyconnect software was not running on startup, but ill definitely check

2. If i don't have an ASA how can i upgrade the package?

LJ Gabrillo · ‎08-24-2016

Oh wait, so your saying you are not the administrator of the ASA or router?

To clarify, your issue is a software level problem and you are not the Administrator the of ASA or Router?

1. Regarding the startup, I am talking about your software NOT the AnyConnect software
2. Regarding the upgrade package, you need to coordinate this with the ASA or router (whatever is terminating the AnyConnect) for that, but let's eliminate this, this is a software/OS level issue

Just a few questions:
1. How do you launch anyconnect? do you just simply double-click it?
-I'd recommend running the software in 'Run as Administrator' mode
-This might be a UAC issue

Let's go back to point 1 and do isolation testing:
-NOTE: Run all software using 'Run as Administrator' mode

1. With your software closed/no services running, try asking the client to establish VPN
2. Once client successfully establishes VPN connection, open-up your software

-Tell us what happens. Close your software and disconnect once done

Next is:
1. Try doing the reverse, launch your software first and establish your services
2. Launch AnyConnect and establish VPN

-Tell us what happens

NOTE:
-Based on the behavior of your MYOB program (it crashes if anyconnect is launched), there might be a conflict in the services it is using, particularly in Vista and Win10, this is a deeper problem and the best way to isolate this is to coordinate with whoever is managing their AnyConnect connections