Secure Connect VPN First Connection Attempt Always TLS Instead of DTLS

Scott_L
Conversationalist

We have been having issues on Windows 11 devices when connecting to Secure Connect VPN the first time: the connection is established using TLS instead of DTLS, resulting in poor performance. All subsequent attempts result in a DTLS connection. Rebooting the device will result in the first attempt negotiating TLS. This is causing users to connect multiple times to "fix" their performance issue. This behavior has been observed connecting to both an on-premises MX and the Secure Connect datacenters. Support suggested enabling the Routing and Remote Access service in Windows with delayed start (didn't work). Other than that, they pretty much washed their hands and said they don't have an answer.

PhilipDAth
Kind of a big deal

Secure Client will ALWAYS attempt a TLS connection first.  Once the TLS connection is up it will then concurrently attempt to form a DTLS connection and change over.  If the DTLS connection fails, it will stay using the TLS connection.

This way the user is guaranteed to get a client VPN connection.

The question is then: what is causing the DTLS connection to fail? What kind of CPE are you connecting from behind? Have you checked them for firmware updates?

What happens if you use a different internet connection, such as mobile?
