Having some issues with AnyConnect on MX 64 (MX 17.6). I have a very basic AnyConnect setup. Below is a diagram of how I have my MX set up in a lab setting. I put static NAT in my router to port forward a custom port for AnyConnect using 8443. AAA is set to use Meraki Cloud Authentication. Client AnyConnect version is 4.10~
When I connect I do get a login prompt but after successful Auth the connection fails.
At this point it stalls for a few and then the following two popup errors are displayed
This happens every time I get through the login.
Anyone have this issue? I did a packet capture and looked through the event logs but I can't see what is causing the connection failure.
EDIT: I did finally find something in the event log that shows a possible clue:
|May 18 13:38:17||AnyConnect VPN connection event||msg: Server IP=10.10.40.19 Server port=8443 Prot[TCP] Peer IP=X.X.X.X Peer port=48571 conn_id Connection closed.|
|May 18 13:38:08||AnyConnect VPN session event||msg: Sess-ID Peer IP=X.X.X.X User[torydav@...]: Session connected. Session Type: SSL|
|May 18 13:38:08||AnyConnect VPN session event||msg: Sess-ID Peer IP=X.X.X.X User[torydav@...]: Session disconnected. Session Type: SSL, Duration: 0d:00h:33m:12s, Bytes xmt: 0, Bytes rcv: 0, Reason: Port Suspended|
|May 18 13:38:08||AnyConnect VPN authentication success||msg: Peer IP=X.X.X.X Peer port=48571 AAA: AAA authentication successful|
|May 18 13:38:02||AnyConnect VPN connection event||msg: Server IP=10.10.40.19 Server port=8443 Prot[TCP] Peer IP=X.X.X.X Peer port=48571 conn_id SSL connection established. Cipher: ECDHE-RSA-AES256-GCM-SHA384|
Client Message History:
1:37:59 PM Contacting https://X.X.X.X:8443.
1:38:07 PM User credentials entered.
1:38:07 PM Please respond to banner.
1:38:09 PM User accepted banner.
1:38:09 PM Establishing VPN session...
1:38:09 PM The AnyConnect Downloader is performing update checks...
1:38:09 PM Checking for profile updates...
1:38:09 PM Checking for customization updates...
1:38:09 PM Performing any required updates...
1:38:09 PM The AnyConnect Downloader updates have been completed.
1:38:09 PM Establishing VPN - Initiating connection...
1:38:10 PM Establishing VPN session...
1:38:16 PM Disconnect in progress, please wait...
1:38:16 PM Connection attempt has failed.
1:38:16 PM Ready to connect.
As I understand it, you forwarded port 8443? I did some tests with AnyConnect and the MX, and taking a trace on the VPN client, the port used is 443 and not 8443.
Did you also test with 443?
I'm wondering if it has to do with the 13:38:08 entry with peer port 48571. If that is also not getting forwarded, I suspect traffic can't get through and the connection is dropped.
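The following is an added example, not part of any post in this thread: a small Python triage script that puts the event-log rows pasted above into chronological order and flags sessions that authenticated but were disconnected without moving any data. It assumes the rows are listed newest first and keep the pipe-delimited layout shown in the post; the function names are hypothetical.

```python
import re
from datetime import datetime

# Event-log rows copied from the post above, with its redactions left as posted.
ROWS = """\
|May 18 13:38:17||AnyConnect VPN connection event||msg: Server IP=10.10.40.19 Server port=8443 Prot[TCP] Peer IP=X.X.X.X Peer port=48571 conn_id Connection closed.|
|May 18 13:38:08||AnyConnect VPN session event||msg: Sess-ID Peer IP=X.X.X.X User[torydav@...]: Session connected. Session Type: SSL|
|May 18 13:38:08||AnyConnect VPN session event||msg: Sess-ID Peer IP=X.X.X.X User[torydav@...]: Session disconnected. Session Type: SSL, Duration: 0d:00h:33m:12s, Bytes xmt: 0, Bytes rcv: 0, Reason: Port Suspended|
|May 18 13:38:08||AnyConnect VPN authentication success||msg: Peer IP=X.X.X.X Peer port=48571 AAA: AAA authentication successful|
|May 18 13:38:02||AnyConnect VPN connection event||msg: Server IP=10.10.40.19 Server port=8443 Prot[TCP] Peer IP=X.X.X.X Peer port=48571 conn_id SSL connection established. Cipher: ECDHE-RSA-AES256-GCM-SHA384|
"""

ROW_RE = re.compile(r"^\|(?P<ts>[^|]+)\|\|(?P<kind>[^|]+)\|\|msg: (?P<msg>.*)\|$")
DISC_RE = re.compile(
    r"Session disconnected\..*?Bytes xmt: (\d+), Bytes rcv: (\d+), Reason: (.+)$")

def parse_rows(text):
    """Parse pasted rows and return the events oldest first."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an event row
        peer = re.search(r"Peer IP=(\S+)", m["msg"])
        events.append({
            # The rows carry no year; strptime's default year is fine for ordering.
            "time": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "kind": m["kind"],
            "peer": peer.group(1) if peer else None,
            "msg": m["msg"],
        })
    # Assumption: input is newest first. Reverse, then stable-sort, so rows
    # sharing a one-second timestamp keep their real relative order.
    return sorted(reversed(events), key=lambda e: e["time"])

def zero_byte_disconnects(events):
    """Disconnects with 0 bytes each way, at or after an auth success for that peer."""
    authed, findings = set(), []
    for e in events:
        if "authentication success" in e["kind"]:
            authed.add(e["peer"])
        d = DISC_RE.search(e["msg"])
        if d and e["peer"] in authed and d.group(1) == d.group(2) == "0":
            findings.append((e["time"].strftime("%H:%M:%S"), e["peer"], d.group(3)))
    return findings

if __name__ == "__main__":
    for e in parse_rows(ROWS):
        print(e["time"].strftime("%H:%M:%S"), e["kind"], "|", e["msg"])
    print("zero-byte disconnects after auth:", zero_byte_disconnects(parse_rows(ROWS)))
```
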