Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AnyConnect VPN Connecting and reconnecting over and over to the Mearki MX appliances

rhamersley
Getting noticed
‎Jan 31 2024 5:11 AM
‎Jan 31 2024 5:11 AM

AnyConnect VPN Connecting and reconnecting over and over to the Mearki MX appliances

We are encountering users connecting to our Meraki MX appliances through the Cisco Secure Client Anyconnect.   When they connect to the VPN it states it connects then disconnects and then reconnects about 3 to 5 times every time someone logs into the VPN.   After about 5 minutes of this it actually stabilizes and stays static.    Meraki support was not able to provide any feed back why.   Would like to ask the "Community" here to see if anyone else has experienced this and what actions they might have taken.

 

 

Labels:
0 Kudos
Subscribe
10 Replies 10
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jan 31 2024 7:08 AM
‎Jan 31 2024 7:08 AM

Are your users using the Windows Store version of Secure Client?

0 Kudos
Subscribe
In response to CptnCrnch
rhamersley
Getting noticed
‎Jan 31 2024 7:16 AM
‎Jan 31 2024 7:16 AM

No.  We are using the downloaded AnyConnect Client version from the Meraki Dashboard.   Below is a screen shot of the downloadable AnyConnect Secure Client version.

 

rhamersley_0-1706714118629.png

 

0 Kudos
Subscribe
rhamersley
Getting noticed
‎Jan 31 2024 7:19 AM
‎Jan 31 2024 7:19 AM

You can see the logs from the Secure Client of the multiple times it connects and disconnects and reconnects.

 

I know its not my home internet since I have fiber directly into my home and up and down stream speeds are 925MB UP and 910MB down.

 

10:04:47 AM Reconnecting to Denver Corporate VPN...
10:04:49 AM Establishing VPN - Examining system...
10:05:00 AM Establishing VPN - Activating VPN adapter...
10:05:01 AM Establishing VPN - Configuring system...
10:05:01 AM Establishing VPN...
10:05:01 AM Connected to Denver Corporate VPN.
10:05:01 AM Reconnecting to Denver Corporate VPN...
10:05:02 AM Establishing VPN - Examining system...
10:05:02 AM Establishing VPN - Activating VPN adapter...
10:05:02 AM Establishing VPN - Configuring system...
10:05:02 AM Establishing VPN...
10:05:03 AM Connected to Denver Corporate VPN.
10:05:06 AM Reconnecting to Denver Corporate VPN...
10:05:08 AM Reconnecting, waiting for network connectivity...
10:05:10 AM Reconnecting to Denver Corporate VPN...
10:05:12 AM Establishing VPN - Examining system...
10:05:12 AM Establishing VPN - Activating VPN adapter...
10:05:12 AM Establishing VPN - Configuring system...
10:05:13 AM Establishing VPN...
10:05:13 AM Connected to Denver Corporate VPN.
10:06:16 AM Reconnecting to Denver Corporate VPN...
10:06:17 AM Establishing VPN - Examining system...
10:06:25 AM Establishing VPN - Activating VPN adapter...
10:06:26 AM Establishing VPN - Configuring system...
10:06:26 AM Establishing VPN...
10:06:26 AM Connected to Denver Corporate VPN.
10:06:26 AM Reconnecting to Denver Corporate VPN...
10:06:27 AM Establishing VPN - Examining system...
10:06:27 AM Establishing VPN - Activating VPN adapter...
10:06:27 AM Establishing VPN - Configuring system...
10:06:27 AM Establishing VPN...
10:06:27 AM Connected to Denver Corporate VPN.
10:06:59 AM Reconnecting to Denver Corporate VPN...
10:07:01 AM Reconnecting, waiting for network connectivity...
10:07:14 AM Reconnecting to Denver Corporate VPN...
10:07:17 AM Reconnecting to Denver Corporate VPN...
10:07:18 AM Establishing VPN - Examining system...
10:07:25 AM Establishing VPN - Activating VPN adapter...
10:07:27 AM Establishing VPN - Configuring system...
10:07:27 AM Establishing VPN...
10:07:27 AM Connected to Denver Corporate VPN.
10:07:27 AM Reconnecting to Denver Corporate VPN...
10:07:28 AM Establishing VPN - Examining system...
10:07:28 AM Establishing VPN - Activating VPN adapter...
10:07:28 AM Establishing VPN - Configuring system...
10:07:29 AM Establishing VPN...
10:07:29 AM Connected to Denver Corporate VPN.
10:07:58 AM Reconnecting to Denver Corporate VPN...
10:08:00 AM Reconnecting, waiting for network connectivity...
10:08:09 AM Reconnecting to Denver Corporate VPN...
10:08:11 AM Reconnecting to Denver Corporate VPN...
10:08:11 AM Establishing VPN - Examining system...
10:08:11 AM Establishing VPN - Activating VPN adapter...
10:08:12 AM Establishing VPN - Configuring system...
10:08:12 AM Establishing VPN...
10:08:12 AM Connected to Denver Corporate VPN.
10:09:15 AM Reconnecting to Denver Corporate VPN...
10:09:16 AM Establishing VPN - Examining system...
10:09:24 AM Establishing VPN - Activating VPN adapter...
10:09:26 AM Establishing VPN - Configuring system...
10:09:26 AM Establishing VPN...
10:09:26 AM Connected to Denver Corporate VPN.
10:09:26 AM Reconnecting to Denver Corporate VPN...
10:09:27 AM Establishing VPN - Examining system...
10:09:27 AM Establishing VPN - Activating VPN adapter...
10:09:27 AM Establishing VPN - Configuring system...
10:09:27 AM Establishing VPN...
10:09:27 AM Connected to Denver Corporate VPN.

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jan 31 2024 8:18 AM
‎Jan 31 2024 8:18 AM

Does the problem happen to all users? If not, what is different about users who experience the problem?
 
System version for example.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
rhamersley
Getting noticed
‎Jan 31 2024 8:26 AM
‎Jan 31 2024 8:26 AM

Happens to a majority of our users.   They just deal with it currently.   All users are running Microsoft Windows 10 Pro and all our Meraki MX firmware levels are the same (MX 18.107.2).   Secure Client version is 5.0.03076.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 31 2024 10:58 AM
‎Jan 31 2024 10:58 AM

Does your MX connect using PPPoE by chance, or using a method with an MTU of less than 1500 bytes?

 

This kind of behaviour often happens when a "black hole" is detected, and the client disconnects and reconnects using a smaller MTU, trying to guess what the end to end MTU actually is.

 

If you forcibly lower the MTU on a client does the issue go away?  Try something extreme like a 1000 bytes to begin with to prove if it is or is not related to the issue.

0 Kudos
Subscribe
In response to PhilipDAth
rhamersley
Getting noticed
‎Jan 31 2024 12:07 PM
‎Jan 31 2024 12:07 PM

Quick question where would the MTU config be located at.  Would that be on the XML profile of the Cisco Secure Client side??

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 31 2024 10:59 AM
‎Jan 31 2024 10:59 AM

Another thought - is the public IP directly on the MX WAN interface, or does it sit behind something else doing NAT?

0 Kudos
Subscribe
rhamersley
Getting noticed
‎Jan 31 2024 12:05 PM
‎Jan 31 2024 12:05 PM

The Public IP address is on the MX WAN interface and does not sit behind anything.

0 Kudos
Subscribe
rhamersley
Getting noticed
‎Jan 31 2024 12:06 PM
‎Jan 31 2024 12:06 PM

Our Users authenticate using AD credentials that pop up while trying to authenticate using Cisco Secure Client/Anyconnect.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.