AnyConnect OGS setup

CloudViking86
Here to help

AnyConnect OGS setup

Hello,

 

New to AnyConnect and this is what I would like to accomplish:

- MX running AnyConnect in Country A <-- Default server (since a server needs to be entered as the default server)

- MX running AnyConnect in Country B

- MX running Anyconnect in Country C

 

All other settings not mentioned below are set to their default value - AnyConnect Profile Editor;
Preferences (Part 2)

  • Enable Optimal Gateway Selection = Checked
    • User Controllable = Checked
  • Suspension Time Threshold (hours) = 4
  • Performance Improvement Threshold (%) = 20

Server List > Server List Entry

I can successfully connect using this profile but when I tried to use another VPN to place myself in Country D which would be closest to Country B rather then A and then try to connect to AnyConnect I still get the primary server - Country A - when Country B would be closer.

 

This is what I found regarding OGS;
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116721-technot...

 

Would appreciate another set of eyes and feedback so I haven't misconfigured anything - Karl, Sweden

 

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

The group should be left blank.

 

The hostname should be just an FQDN.  e,g.

countrya.dynamic-m.com

 

I'm not 100% sure with OGS, but I think you just list all the servers it can choose from.  The last one I did was a bit more complicated with trusted network detection, and I can't quite remember which bits were only for OGS.

 

Also note this:

"OGS location entries are cached for 14 days."

So if you connect from an IP address, you will continue to connect to the same AnyConnect head end if you use that same IP address for the next 14 days.

You might want to test this using something like a 4G connection where you can disconnect/connect again to get a different IP address for each connection.

Thank you for your reply.
I will try it out (reached out to a colleague who is located closer to Country B then my Country A) and update this thread 🙂

My colleague got back to me (he is in country Z with the closest server of country B, country A is my country and is set to the default server), attaching a snippet of his  "DARTBundle" AnyConnect-log below;

******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Information
Source      : acvpnui

Description : Function: ClientIfcBase::handleAHSPreferences
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\clientifcbase.cpp
Line: 4508
OGS is enabled


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::selectHeadend
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 268
Starting OGS processing for connection attempt. Last headend: countrya.dynamic-m.com


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Information
Source      : acvpnui

Description : Message type prompt sent to the user:
Searching for optimal server. Please wait...


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::startPingThreads
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 410
OGS Sending test ping to countrya.dynamic-m.com:443


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Information
Source      : acvpnui

Description : Function: CThread::createThread
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 263
The thread (0x000052AC) has been successfully created.


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Warning
Source      : acvpnui

Description : Function: PluginLoader::instantiateInterfaces
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\pluginloader.cpp
Line: 962
Invoked Function: PluginLoader::loadModulesWithInterface
Return Code: -29294570 (0xFE410016)
Description: PLUGINLOADER_ERROR_NO_INTERFACE_NAME:No interface name.
com.cisco.anyconnect.nam.api


******************************************

Date        : 03/10/2022
Time        : 22:46:37
Type        : Warning
Source      : acvpnui

Description : Function: PluginLoader::CreateInstance
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\pluginloader.cpp
Line: 446
Invoked Function: PluginLoader::instantiateInterfaces
Return Code: -29294570 (0xFE410016)
Description: PLUGINLOADER_ERROR_NO_INTERFACE_NAME:No interface name.
com.cisco.anyconnect.nam.api


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Error
Source      : acvpnui

Description : Function: HttpProbe::SendHttpProbe
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\ip\httpsession.cpp
Line: 233
Invoked Function: IHttpSession::SendRequest
Return Code: -28966884 (0xFE46001C)
Description: HTTP_SESSION_ERROR_INVALID_SERVER_RESPONSE
Last Error: 12152


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::startPingThreads
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 458
OGS test ping took 578


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Information
Source      : acvpnui

Description : Function: CThread::createThread
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 263
The thread (0x000066B0) has been successfully created.


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::Run
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 931
OGS starting thread named countrya.dynamic-m.com


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Information
Source      : acvpnui

Description : Function: PluginLoader::loadModule
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\pluginloader.cpp
Line: 1140
Loading plugin acfeedback.dll


******************************************

Date        : 03/10/2022
Time        : 22:46:38
Type        : Information
Source      : acvpnui

Description : Function: CVerifyFileSignatureWindows::IsValid
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\commoncrypt\verifyfilesignaturewindows.cpp
Line: 110
Code-signing verification succeeded. File (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Plugins\acfeedback.dll)


******************************************

Date        : 03/10/2022
Time        : 22:46:39
Type        : Error
Source      : acvpnui

Description : Function: CHttpSessionWinInet::SendRequest
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\httpsession_wininet.cpp
Line: 664
Invoked Function: GetStatusCode
Return Code: 0 (0x00000000)
Description: unknown



******************************************

Date        : 03/10/2022
Time        : 22:46:39
Type        : Error
Source      : acvpnui

Description : Function: HttpProbe::SendHttpProbe
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\ip\httpsession.cpp
Line: 233
Invoked Function: IHttpSession::SendRequest
Return Code: -28966910 (0xFE460002)
Description: HTTP_SESSION_ERROR_BAD_PARAMETER
Last Error: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:39
Type        : Warning
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::Run
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 1027
OGS ping error for countrya.dynamic-m.com: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:40
Type        : Error
Source      : acvpnui

Description : Function: CHttpSessionWinInet::SendRequest
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\httpsession_wininet.cpp
Line: 664
Invoked Function: GetStatusCode
Return Code: 0 (0x00000000)
Description: unknown



******************************************

Date        : 03/10/2022
Time        : 22:46:40
Type        : Error
Source      : acvpnui

Description : Function: HttpProbe::SendHttpProbe
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\ip\httpsession.cpp
Line: 233
Invoked Function: IHttpSession::SendRequest
Return Code: -28966910 (0xFE460002)
Description: HTTP_SESSION_ERROR_BAD_PARAMETER
Last Error: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:40
Type        : Warning
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::Run
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 1027
OGS ping error for countrya.dynamic-m.com: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Error
Source      : acvpnui

Description : Function: CHttpSessionWinInet::SendRequest
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\httpsession_wininet.cpp
Line: 664
Invoked Function: GetStatusCode
Return Code: 0 (0x00000000)
Description: unknown



******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Error
Source      : acvpnui

Description : Function: HttpProbe::SendHttpProbe
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\ip\httpsession.cpp
Line: 233
Invoked Function: IHttpSession::SendRequest
Return Code: -28966910 (0xFE460002)
Description: HTTP_SESSION_ERROR_BAD_PARAMETER
Last Error: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Warning
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::Run
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 1027
OGS ping error for countrya.dynamic-m.com: 0


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::logThreadPingResults
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 1140
OGS ping results for countrya.dynamic-m.com: (1234 1079 1078 )


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::CSelectionThread::Run
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 1046
OGS terminating thread for countrya.dynamic-m.com


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Error
Source      : acvpnui

Description : Function: CThread::invokeRun
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 463
Invoked Function: IRunnable::Run
Return Code: -28966910 (0xFE460002)
Description: HTTP_SESSION_ERROR_BAD_PARAMETER



******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CThread::WaitForCompletion
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 331
The thread (0x000066B0) has successfully completed execution.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Warning
Source      : acvpnui

Description : Function: CHeadendSelection::startPingThreads
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 503
Invoked Function: CSelectionThread::Run
Return Code: -28966910 (0xFE460002)
Description: HTTP_SESSION_ERROR_BAD_PARAMETER



******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::finishAHS
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 180
OGS in finishAHS() for first time


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::logPingResults
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 631
*** OGS Selection Results ***
OGS performed for connection attempt. Last server: 'countrya.dynamic-m.com'

Server Address     RTT (ms)
countrya.dynamic-m.com     1078

Selected 'countrya.dynamic-m.com' as the optimal server.



******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CHeadendSelection::finishAHS
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\ahs\headendselection.cpp
Line: 226
Finished OGS thread, selected countrya.dynamic-m.com


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CThread::createThread
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 263
The thread (0x00002FB4) has been successfully created.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: ClientIfcBase::AHSSelectedHost
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\clientifcbase.cpp
Line: 3896
OGS selected host Meraki VPN Global AnyConnect


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: ClientIfcBase::AHSSelectedHost
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\clientifcbase.cpp
Line: 3902
OGS saving cache to preferences.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Message type information sent to the user:
Automatically selected server: Meraki VPN Global AnyConnect


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnagent

Description : Using default preferences. Some settings (e.g. certificate matching) may not function as expected if a local profile is expected to be used. Verify that the selected host is in the server list section of the profile and that the profile is configured on the secure gateway.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Error
Source      : acvpnagent

Description : Function: PreferenceMgr::getParsedPreferenceFile
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\preferencemgr.cpp
Line: 1034
User preferences have not been loaded.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Message type prompt sent to the user:
Ready to connect.


******************************************

Date        : 03/10/2022
Time        : 22:46:41
Type        : Information
Source      : acvpnui

Description : Function: CThread::WaitForCompletion
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\common\utility\thread.cpp
Line: 331
The thread (0x00002FB4) has successfully completed execution.


******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Warning
Source      : acvpnui

Description : Function: ProfileMgr::getProfileNameFromHost
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\profilemgr.cpp
Line: 1269
No profile available for host Automatic Selection.


******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Information
Source      : acvpnui

Description : An SSL VPN connection to Meraki VPN Global AnyConnect has been requested by the user.


******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Information
Source      : acvpnui

Description : Loading preferences for the current user from profile C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\MerakiVPNGlobalAnyConnectSAML.xml


******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Error
Source      : acvpnui

Description : Function: PreferenceMgr::loadPreferences
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\preferencemgr.cpp
Line: 1277
Invoked Function: PreferenceInfo::getPreference
Return Code: 0 (0x00000000)
Description: EnableAutomaticServerSelection



******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Information
Source      : acvpnui

Description : Current Preference Settings:
ServiceDisable: false
CertificateStoreOverride: false
CertificateStore: All
ShowPreConnectMessage: false
AutoConnectOnStart: false
MinimizeOnConnect: true
LocalLanAccess: false
DisableCaptivePortalDetection: false
AutoReconnect: true
AutoReconnectBehavior: ReconnectAfterResume
SuspendOnConnectedStandby: false
UseStartBeforeLogon: false
AutoUpdate: true
RSASecurIDIntegration: Automatic
WindowsLogonEnforcement: SingleLocalLogon
WindowsVPNEstablishment: LocalUsersOnly
ProxySettings: Native
AllowLocalProxyConnections: false
PPPExclusion: Automatic
PPPExclusionServerIP: 
AutomaticVPNPolicy: false
TrustedNetworkPolicy: Disconnect
UntrustedNetworkPolicy: Connect
TrustedDNSDomains: 
TrustedDNSServers: 
TrustedHttpsServerList: 
AlwaysOn: false
ConnectFailurePolicy: Closed
AllowCaptivePortalRemediation: false
CaptivePortalRemediationTimeout: 5
ApplyLastVPNLocalResourceRules: false
AllowVPNDisconnect: true
AllowedHosts: 
EnableScripting: false
TerminateScriptOnNextEvent: false
EnablePostSBLOnConnectScript: true
AutomaticCertSelection: true
RetainVpnOnLogoff: false
UserEnforcement: SameUserOnly
EnableAutomaticServerSelection: true
AutoServerSelectionImprovement: 20
AutoServerSelectionSuspendTime: 4
AuthenticationTimeout: 30
SafeWordSofTokenIntegration: false
AllowIPsecOverSSL: false
ClearSmartcardPin: true
IPProtocolSupport: IPv4,IPv6
CaptivePortalRemediationBrowserFailover: false
AllowManualHostInput: true
BlockUntrustedServers: true
PublicProxyServerAddress: 
CertificatePinning: false



******************************************

Date        : 03/10/2022
Time        : 22:46:45
Type        : Information
Source      : acvpnui

Description : Function: ConnectMgr::setConnectionData
File: c:\temp\build\thehoff\phoenix_fcs0.660176920511\phoenix_fcs\vpn\api\connectmgr.cpp
Line: 2076
Resetting client certificate list.


******************************************

it does not seem to evalute country B at all as shown in row 312-325, it only pings country A and therefore it is the only alternative even though country B is specified in the "Backup Servers"-list.

 

It is the first time he has tried AnyConnect so there shouldn't be a cached result "mudding the waters" so to speak.

Get notified when there are additional replies to this discussion.