AnyConnect connection issues after ASA 9.2(2)4 upgrade
Curious to know if anyone else is having issues after upgrading to ASA 9.2(2)4 and the AnyConnect client.
We have a ASA-5512-X unit setup that initially ran 9.1(5) of the ASA software and AnyConnect v3.1.0582 for Windows - all fine and working as expected. After upgrading to ASA 9.2(2)4 on account of the latest security advisories, I've started to see connection issues with the ASA clients.
While the AnyConnect client connects, receives it's address assignment, and can seemingly communicate with its tunneled networks, we are seeing intermittent connectivity issues. For example, making a SSH connection to a remote host over the VPN will initially connect but then stop after about 30 seconds with a SYN timeout shown in the ASA logs. HTTP connections to remote hosts over the VPN also stop after making an initial connection and show a SYN timeout. The rest of the logs appear fine - the connection is built and seemingly works but then drops. The VPN connection via AnyConnect stays connected the entire time.
Checks of the configuration show nothing out of place and if we connect with a third party (though I know unsupported) client such as "shrewsoft" with the same connection profile, same user, the connection works fine. I've upgraded to the latest AnyConnect release v3.1.0587 but this exhibits the same behavior.
Is anyone else experiencing any issues with AnyConnect after upgrading past the 9.1(5) release?
It's working OK for me with the following versions:
ASA# show ver | i bin System image file is "disk0:/asa922-4-smp-k8.bin" ASA# sh run | i pkg anyconnect image disk0:/anyconnect-win-3.1.05182-k9.pkg 2 anyconnect image disk0:/anyconnect-macosx-i386-3.1.05187-k9.pkg 3 anyconnect image disk0:/anyconnect-linux-64-3.1.05182-k9.pkg 4 ASA#
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :