I have an ASA 5520 and I am having trouble getting the AnyConnect VPN authentication timeout feature to work properly. I thought I did have it working a couple of months ago, but right now it is not giving me more than the default 12 seconds. I have tried intervals of anywhere from 25 seconds up to 120. I am currently runnign version 6.4 on the ASA and AnyConnect 2.5.3055. Any input is appreciated.
I have been setting it in the client profile. I see that the server timeout can be set in the AAA server group, but my issue is that the AnyConnect client times out before th second part of the two factor authentication can occur.
I looked in the event viewer on the client and anyconnect reports that the timeout of 180s is beyond the allowed range, so it is defaulting to the 12 seconds. I am not sure where it is getting the 180s from, as I do not have that set in the client profile. I am wondering if it is using an older config and not updating with the new profile?
I think I am now talking to myself, but hopefully this helps someone else someday!
The profiles located in C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile were not updated. The client was using both the wrong profile AND an outdated profile. I modified the profile locally and the client worked fine. Now I need to determine why the client profile's are not being downloaded.
I have checked and double checked the settings and the proper client profile is chosen. When AnyConnect talks to the firewall though, it is not updating the profiles. Either the client is not trying to download them, or the ASA is sending the wrong info.
Yep. I removed them from my machine. I also fixed the profile Iw as trying to use. I misconfigured the host info, so it was unable to connect on that profile. I am wondering if it jumps to the next profile in the folder to see if that works, which is why it was not using the intended profile?
I have it working properly now and updating the profile properly. All is right in the world.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :