We are having problems with the AnyConnect client after upgrading from 2.4.x to 2.5.0217, but only on some computers.
We've run tests on some computers and it works fine, but on two PCs there is a problem, which we can see on the ASA like this:
4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = xxx, IP = x.x.x.x, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported
When we investigated the logs, we compared the log from when it works with the log from when the problem exists:
When it works, the log looks like this (on the first PC):
6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.168.6.41 from local pool
6|Jul 23 2010|10:10:44|725002|22.214.171.124|1892|||Device completed SSL handshake with client OUTSIDE:126.96.36.199/1892
6|Jul 23 2010|10:10:44|725001|188.8.131.52|1892|||Starting SSL handshake with client OUTSIDE:184.108.40.206/1892 for TLSv1 session.
When it doesn't work, the client terminates without any understandable explanation (on the second PC):
6|Jul 22 2010|12:01:07|725007|220.127.116.11|1259|||SSL session with client OUTSIDE:18.104.22.168/1259 terminated.
6|Jul 22 2010|12:01:07|725002|22.214.171.124|1267|||Device completed SSL handshake with client OUTSIDE:126.96.36.199/1259
6|Jul 22 2010|12:01:07|725001|188.8.131.52|1267|||Starting SSL handshake with client OUTSIDE:184.108.40.206/1259 for TLSv1 session
It seems that when it doesn't work, the client doesn't get an IP address. We have tried many times on both PCs and the result is always the same. The first PC works, the second does not.
We are using authentication from an OTP server and authorization based on the user's group in AD. We are checking DAP parameters for allowing users to connect and using Cache Cleaner, but we are not using CSD.
The main problem is performing the upgrade, because the user needs administrator rights on the PC. So we suggested to our partner that their clients should do the upgrade manually, but the first one who upgraded had this issue. Before the upgrade everything was working fine, and after the upgrade it was not. When we did this upgrade in the testing environment, everything worked fine.
Debug for DAP is OK and there are no other errors when we are debugging the connection.
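
An added example, not part of the original post: a small Python triage script for the pipe-delimited log format quoted above, which reports the stages logged for one connection attempt (message IDs 725001, 725002, 737026, 725007, 113019 as seen in the post) and extracts the disconnect reason. The sample lines, addresses, function names and verdict strings are constructed for illustration.

```python
import re

# ASA message IDs that appear in the log excerpts quoted in the post.
STAGES = {
    "725001": "handshake_started",
    "725002": "handshake_completed",
    "737026": "address_assigned",
    "725007": "ssl_terminated",
    "113019": "session_disconnected",
}
REASON_RE = re.compile(r"Reason:\s*(.+)$")

def parse_line(line):
    """Split one pipe-delimited log line; return None if it is not 9 fields."""
    parts = line.strip().split("|", 8)
    if len(parts) != 9:
        return None
    return {"severity": parts[0], "date": parts[1], "time": parts[2],
            "msg_id": parts[3], "src_ip": parts[4], "src_port": parts[5],
            "text": parts[8]}

def summarize(lines):
    """Report which connection stages were logged and classify the attempt."""
    stages, reason = set(), None
    for rec in filter(None, map(parse_line, lines)):
        stage = STAGES.get(rec["msg_id"])
        if stage:
            stages.add(stage)
        match = REASON_RE.search(rec["text"])
        if rec["msg_id"] == "113019" and match:
            reason = match.group(1).strip()
    if "address_assigned" in stages:
        verdict = "address assigned"
    elif "handshake_completed" in stages:
        verdict = "TLS completed, no address assigned"
    else:
        verdict = "no completed TLS handshake"
    return {"stages": sorted(stages), "reason": reason, "verdict": verdict}

# Constructed sample lines (documentation-range addresses), newest first.
WORKING = [
    "6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned 192.0.2.41 from local pool",
    "6|Jul 23 2010|10:10:44|725002|203.0.113.10|1892|||Device completed SSL handshake with client OUTSIDE:203.0.113.10/1892",
    "6|Jul 23 2010|10:10:44|725001|203.0.113.10|1892|||Starting SSL handshake with client OUTSIDE:203.0.113.10/1892 for TLSv1 session.",
]
FAILING = [
    "4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = xxx, IP = 203.0.113.20, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported",
    "6|Jul 22 2010|12:01:07|725007|203.0.113.20|1259|||SSL session with client OUTSIDE:203.0.113.20/1259 terminated.",
    "6|Jul 22 2010|12:01:07|725002|203.0.113.20|1259|||Device completed SSL handshake with client OUTSIDE:203.0.113.20/1259",
    "6|Jul 22 2010|12:01:07|725001|203.0.113.20|1259|||Starting SSL handshake with client OUTSIDE:203.0.113.20/1259 for TLSv1 session",
]

if __name__ == "__main__":
    print(summarize(WORKING))
    print(summarize(FAILING))
```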