Meraki

Community

vMX-M with Anyconnect nothing happens after duo push

ehutson82
Here to help
‎Mar 15 2022 2:22 PM
‎Mar 15 2022 2:22 PM

vMX-M with Anyconnect nothing happens after duo push

I've deployed a vMX-m and setup routes in Azure, I'm able to ping the public address of the virtual appliance and the ddns name of the appliance, however when trying to connect to the client VPN that was setup on the appliance, I get as far as getting a duo prompt, twice then nothing. Anything anyone could add let me know if I'm missing anything?

Labels:
0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 15 2022 3:10 PM
‎Mar 15 2022 3:10 PM

Check this article: https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance/AnyConnect_Troubleshooting_Guide#....

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 15 2022 7:22 PM
‎Mar 15 2022 7:22 PM

On the AnyConnect configuration in the Meraki dashboard change the timeout to something like 30s.  I'm betting you have it on the default of 5s - and you wont be completing the entire push process within 5s.

In response to PhilipDAth
OCTOMG
Here to help
‎Mar 16 2022 7:46 AM
‎Mar 16 2022 7:46 AM

As usual, @PhilipDAth is spot on.  We were experiencing the same symptom you described when we deployed it a few months ago.  We had to raise a support ticket to get the timeout increased to 60s for DUO to work with the Anyconnect client.

In response to OCTOMG
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 16 2022 1:00 PM
‎Mar 16 2022 1:00 PM

This is the setting (on the AnyConnect page) I would try changing to 30s.

 

PhilipDAth_0-1647460799986.png

 

0 Kudos
In response to PhilipDAth
OCTOMG
Here to help
‎Mar 17 2022 10:23 AM
‎Mar 17 2022 10:23 AM

Again, you're correct!  Went back and looked at the support ticket and it was for the IPsec Client VPN Radius Timeout setting, NOT AnyConnect.  We were testing both options, but opted to disable IPsec VPN and deploy AnyConnect only.

0 Kudos
Inderdeep
Kind of a big deal
Kind of a big deal
‎Mar 16 2022 7:59 AM
‎Mar 16 2022 7:59 AM

@ehutson82 : I heard that same issue from my friends network and i think @PhilipDAth said right, change the parameter and then check.

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.