Recently we've installed an ASA5505 and enabled VPN access.
Two of my colleagues have no problems connecting to the VPN using the Cisco AnyConnect VPN Client but I do.
I always get disconnected after a few seconds with the message:
"A VPN reconnect resulted in different configuration settings. The VPN network interface is being re-initialized. Applications utilizing the private network may need to be restarted."
Cisco AnyConnect VPN Client Version 2.5.2019
I'm working with Windows 7 but the same thing happens when I try to connect using my home computer that is running Windows Vista.
My colleagues also use Win7.
I also tried disabling Windows Firewall.
Any help would be appreciated.
I wonder if there is significance that 2 of your colleagues work and you do not? By default the ASA has licenses for 2 SSL VPN connections (which would be AnyConnect). Does this ASA have additional licenses for SSL/AnyConnect?
If you are not sure, the answer can be found in the output of show version (and depending on the version of code running in the ASA also in output of show license).
We do have indeed only 2 licenses.
But what I meant is that I could log on to AnyConnect VPN with my credentials on my colleague's PC, meaning that the VPN itself seems to be working OK.
Thanks for the additional information.
I wonder if there are any helpful messages in the log of the ASA. Perhaps you could have someone monitoring or capturing the logs of the ASA while you attempt your VPN connection. (That does assume that you have enabled logging on the ASA at an appropriate level.)
I also wonder what would be the result if you were to reboot the ASA and then were to connect to VPN from your PC before your colleagues connect to VPN from their PCs.
Having same issue with only Windows 7 clients. Running anyconnect-win-2.5.2019-k9.
Have two other ASAs running the same IOS and the same AnyConnect version. Windows 7 users connect fine there.
Just opened case with TAC.
Changing the MTU size did indeed solve the problem. Great!
Never would have figured that out by myself :-)
Is there any way we can change this on the PC client, rather than on the ASA/tunnel configuration?
The AT&T/Novatel MiFi apparently has an MTU of 1200. We don't want to set everyone down to that low.
The root cause of this problem is the incorrect MTU value. So the only thing you need to do is update the MTU value on your local machine to a correct one. Let's take an example on Windows 7 x64 Professional.
Step 1, use the following command to check the MTU value in your machine:
netsh interface ipv4 show subinterfaces
There might be multiple network adapters displayed; check the value of the Cisco AnyConnect adapter.
On my machine, that is a huge one containing at least 10 digits.
Step 2, set the MTU value to a reasonable one with the following command:
netsh interface ipv4 set subinterface "loopback pseudo-interface 1" mtu=1273 store=persistent
"loopback pseudo-interface 1" is the network adapter name for Cisco Anyconnect.
1273 is the appropriate MTU value I got from another machine which works fine with Cisco AnyConnect.
The value might vary from machine to machine, but I am sure you can find the correct one.
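
The check from the two steps above, scripted so it can be repeated across machines. This is an added example, not part of the original thread: the function names, the sample output (constructed) and the 576 to 1500 range are assumptions, and the script only prints the netsh command from the post for review, it does not change any setting.

```powershell
# Constructed sample of `netsh interface ipv4 show subinterfaces` output (not from the thread).
$sample = @'
   MTU  MediaSenseState   Bytes In  Bytes Out  Interface
------  ---------------  ---------  ---------  -------------
4294967295                1          0      54321  Loopback Pseudo-Interface 1
  1500                1   98765432   12345678  Local Area Connection
  1273                1     204800     102400  Example VPN Adapter
'@ -split "`r?`n"

# Hypothetical helper: turn the netsh table into objects.
function ConvertFrom-NetshSubinterface {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows are four numeric columns followed by the interface name,
        # which may contain spaces. Header and separator rows do not match.
        if ($line -match '^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+(.+?)\s*$') {
            [pscustomobject]@{ Interface = $Matches[2]; Mtu = [uint64]$Matches[1] }
        }
    }
}

# Hypothetical helper: flag every adapter whose MTU falls outside the expected range.
function Get-MtuReport {
    param(
        [string[]]$Lines,
        [uint64]$Min = 576,         # assumed lower bound
        [uint64]$Max = 1500,        # assumed upper bound (standard Ethernet)
        [uint32]$TargetMtu = 1273   # value quoted in the post; varies per machine
    )
    ConvertFrom-NetshSubinterface -Lines $Lines | ForEach-Object {
        $ok = ($_.Mtu -ge $Min) -and ($_.Mtu -le $Max)
        [pscustomobject]@{
            Interface = $_.Interface
            Mtu       = $_.Mtu
            InRange   = $ok
            # Printed for review only; nothing is changed by this script.
            Suggested = if ($ok) { '' } else {
                'netsh interface ipv4 set subinterface "{0}" mtu={1} store=persistent' -f $_.Interface, $TargetMtu
            }
        }
    }
}

Get-MtuReport -Lines $sample | Format-List
# On a live machine: Get-MtuReport -Lines (netsh interface ipv4 show subinterfaces)
```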