Meraki AnyConnect-Secure Client connecting - disconnecting during startup

rhamersley
Getting noticed

Many users are experiencing issues with their Cisco Secure Client when trying to log in to the VPN on our Meraki MX configured/enabled for Cisco AnyConnect.

Our users find that when they enter their network credentials to connect to the VPN, it goes through a revolving cycle of connecting, then disconnecting, then connecting again for about 1 minute during the initial connection. After that it usually stays static. Is anyone else encountering this while your users are trying to connect to the VPN using Cisco Secure Client?

Cisco Secure Client version - 5.0.03076

Meraki MX firmware version - MX 18.107.2

Rekun
Here to help

I have seen the same thing.

I have not looked into it though, as it happens so quickly that users haven’t complained about it.

rhamersley
Getting noticed

While users are logging on to the Cisco Secure Client VPN, it will connect, then disconnect, then try connecting again and disconnect, and then connect again. It usually does this about 3 times before it becomes static.

Does anyone know why this is happening?

Is this on the Meraki MX appliance side that is causing this?

Is this the Cisco Secure Client creating this?

Is this the VPN tunnel trying to get established?

MartinLL
Building a reputation

If you have a firewall in front of the Meraki MX you might need to open UDP 443 as well. AnyConnect establishes the initial tunnel over TCP, but after that the client tries to create a DTLS tunnel in parallel over UDP 443.

MLL
rhamersley
Getting noticed

I have the same issue in my environment and opened a Meraki support ticket and they were unable to get any kind of resolution.

It's frustrating with our users.

B_Seiler
Here to help

We see the same issue with many of our users.
Does not happen all the time, and does not happen (as far as we know) with all users.
More of a nuisance than a blocking issue.

AlexP
Meraki Employee

Hey folks,

This is a well-known consequence of DTLS negotiations failing: https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116881-technot...

If it's not a huge issue to your users, it's relatively harmless to leave it be, but if you want to fix it, make sure your appliances are reachable on UDP 443.
