MX85 drops anyconnect DTLS, only accepts TCP. Causes repeat disconnect/reconnect of vpn at startup

JacobS5
New here

Our MX85 drops UDP/DTLS connections and only responds to TCP/TLS. This seems to start after about a month of uptime and is fixed with a reboot.

  • I've confirmed the MX sees these packets, but ignores them and doesn't respond, showing UDP 443 is open. The VPN then continues to work over TLS.
  • The MTU is 1500 and doesn't change pre- and post-reboot.
  • This has been happening for months; a reboot of the MX always fixes it.

Anyone run into this before?
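Added here as an example, not code from the thread: a Python check for the symptom JacobS5 describes, sending one minimal DTLS 1.2 ClientHello to the headend's UDP 443 and reporting whether anything comes back (a healthy listener answers with a HelloVerifyRequest or ServerHello; a stalled one stays silent while TCP/TLS on the same port keeps working). The host, port and cipher-suite list are assumptions, and the reply bytes used in testing are constructed.

```python
import os
import socket
import struct

DTLS12 = 0xFEFD  # DTLS 1.2 version field; this probe is constructed, not AnyConnect's own handshake


def build_client_hello() -> bytes:
    """Minimal DTLS 1.2 ClientHello record with an empty cookie (first flight)."""
    # A few common AES-GCM suites (assumed list); any live listener still answers
    # the first flight with a HelloVerifyRequest cookie challenge (RFC 6347).
    suites = struct.pack("!HHH", 0xC02F, 0xC030, 0x009C)
    body = (struct.pack("!H", DTLS12) + os.urandom(32)   # client_version, random
            + b"\x00"                                    # session_id length 0
            + b"\x00"                                    # cookie length 0
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                               # compression: null only
    # Handshake header: type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
    hs = (b"\x01" + len(body).to_bytes(3, "big") + b"\x00\x00"
          + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body)
    # Record header: content_type(1) version(2) epoch(2) sequence(6) length(2)
    return (b"\x16" + struct.pack("!H", DTLS12) + b"\x00\x00" + b"\x00" * 6
            + struct.pack("!H", len(hs)) + hs)


def classify_response(data: bytes) -> str:
    """Name the first DTLS record in a reply; any reply beats silence."""
    if len(data) < 14:
        return "unexpected"
    if data[0] == 21:
        return "alert"                   # listener is up but rejected the hello
    if data[0] == 22:
        return {2: "server_hello", 3: "hello_verify_request"}.get(data[13], "handshake")
    return "unexpected"


def probe_dtls(host: str, port: int = 443, timeout: float = 2.0) -> str:
    """Send one ClientHello to the headend's UDP port and report what came back."""
    # "no_dtls_response" is the thread's symptom: the MX sees the packet but
    # never answers, so AnyConnect silently falls back to TCP/TLS on the same port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_client_hello(), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no_dtls_response"
    return classify_response(data)
```

Run `probe_dtls("your-mx-wan-ip")` against your own headend before and after the reboot; the before/after pair is the evidence to attach to a Support case.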

Ryan_Miles
Meraki Employee All-Star

What firmware version are you running?

JacobS5
New here

19.1.8.1, planning to upgrade to MX 19.1.11 overnight. I looked through the bug fixes in the patch notes of this version and recent versions. It doesn't appear to be a known issue or something that has been solved yet.

Ryan_Miles
Meraki Employee All-Star

Have you opened a Support case? There are some fixes to the AnyConnect service in some of the newer releases.

If it's working for a while and then stops working, I would tend to think the service is stalling or crashing. Or, something else time-in-service related, like port exhaustion, etc. Just a guess though. Support would be able to give a better answer after they look at your MX and the logs.

PhilipDAth
Kind of a big deal

Does your MX have the public IP address directly on its WAN interface, or is it sitting behind something NATing to it?

JacobS5
New here

Nope, it has the public IP on its WAN.
