Cisco Support Community
Community Member

Problem with Anyconnect client


We are having problems with Anyconnect client after upgrading from 2.4.x to 2.5.0217, but only on some computers.

We've made tests on some computers and it works fine, but on two PC's there is a problem which we can see on ASA like this:

4|Jul 22 2010|12:00:42|113019|||||Group = ARAS, Username = xxx, IP = x.x.x.x, Session disconnected. Session Type: SSL, Duration: 0h:03m:16s, Bytes xmt: 447553, Bytes rcv: 28063, Reason: Client type not supported

When we investigate the log we compare the log when it works and log where the problem exist:

When it works log is like this: (on first PC)

6|Jul 23 2010|10:10:44|737026|||||IPAA: Client assigned from local pool
6|Jul 23 2010|10:10:44|725002||1892|||Device completed SSL handshake with client OUTSIDE:
6|Jul 23 2010|10:10:44|725001||1892|||Starting SSL handshake with client OUTSIDE: for TLSv1 session.

When it doesn't work clent terminates without any understanable explanation: (on second PC)

6|Jul 22 2010|12:01:07|725007||1259|||SSL session with client OUTSIDE: terminated.
6|Jul 22 2010|12:01:07|725002||1267|||Device completed SSL handshake with client OUTSIDE:
6|Jul 22 2010|12:01:07|725001||1267|||Starting SSL handshake with client OUTSIDE: for TLSv1 session

It seems that in case when it doesn't work, the client doesn't get IP address. We have tried many times on both PCs and the result is always the same. First PC works, second not.

Any similar problem, any idea?

BR,  Marko


Re: Problem with Anyconnect client

Can you please provide additional details regarding your setup?  Are you doing any type of authorization on this ASA that might restrict users to a certain tunneling protocol?  Are you using CSD or DAP?

Community Member

Re: Problem with Anyconnect client

We are using authentication from OTP server and authorization based on user group in AD. We are checking DAP parameters for allowing users to connect and using cache cleaner, but we are not using CSD.

The main problem is to make an upgrade, because user needs administrator rights on PCs. So, we suggested our partner that their clients should do upgrade manually, but the first one who made an upgrade, was having this issue. Before upgrade everything was working fine and after upgrade not. When we made this upgrade in testing environment, everything was working fine.

Debug for DAP is OK and there is no other errors when we are debugging connection.


CreatePlease to create content