02-08-2010 06:59 AM - edited 02-21-2020 04:29 PM
Hi Guys,
I have AnyConnect premium clients connecting to my ASA 8.2(1) with Start Before Login, which is working fine.
The new Trusted Network Detection feature in 2.4 is something we would like to deploy. In testing, when we move a host PC from untrusted to trusted networks, we are finding that the TND does work but that it does not prevent the SBL GUI from opening (which it is supposed to do). At this point, the host PC pauses for some time, then returns an error saying 'VPN agent is not responding'. The host PC then crashes and has to be rebooted and logged in on the untrusted network before TND can be removed to allow any operation at all on the trusted network.
So it seems as if the AnyConnect client is recognising that it is now on a trusted network and closing down the VPN agent service, but it is not preventing SBL from operating, which is crashing because it can't contact the VPN agent service.
Has anyone else seen this behaviour before and can suggest a workaround or fix? Or have I found a bug?
I have looked in the release notes and on TAC but with no luck.
Cheers
02-23-2010 10:30 AM
Hi RoadHouse,
I'm having this exact issue. No one's replied here; have you found a solution yet?
Thanks
Mark
02-24-2010 01:30 AM
Hi Mark,
Actually, yes (thanks for the jolt, I should have posted this as soon as I found out...sorry guys).
I had a chat with some Cisco guys and it is a bug which is fixed in 2.5, due out around March/April (although I don't think there is a firm date for this, so don't take it as gospel).
Hope this helps
Cheers
Shaun
08-22-2010 08:33 AM
A quick FYI. AnyConnect 2.5.0217 is out and it has a fix for CSCtd47600, which I think describes the issue you mention here.