Meraki Anyconnect down for some customers?

ciscominer
Conversationalist

Around 11:20am EST our MX250's AnyConnect service failed. Users couldn't reconnect and a soft reset of the service didn't solve the problem. Initially the error we got on reconnect was:

"Anyconnect was not able to establish a connection to the specified gateway. Please try connecting again"

Immediately followed by message:

"The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: Other error"

After the service restart, our users no longer receive either message above. Briefly during new connection attempts the client flashes "Failed contacting (our MX DDNS hostname)", then changes to "please enter your username and password" and pops up the normal login prompt. After entering creds it just sits and then times out.

I hopped on the horn with Meraki support and they confirmed we're not the only customers affected and they're currently working with product and dev teams to resolve and come up with a fix.

We're running MX250's in HA

FW 16.16

on-prem RADIUS Auth

ciscominer
Conversationalist

I'll add that no changes were made to the service or appliance recently that would have caused our AnyConnect service to fail. 

Zach3
New here

Yes, we were running 16.16.2. Meraki support had us reboot and then upgrade to 16.16.6 but that didn't fix the issue. They said it's an issue affecting multiple customers now, so waiting for an update via email. 

ciscominer
Conversationalist

We're on 16.16.0 and they were suggesting we upgrade to 16.16.6... then stopped me right before I did it. Thanks for being the guinea pig I guess?

FYI, it's not related to this issue (refer to this thread for updates), but if you're still running 16.16, be aware that there's a DoS vulnerability that may disrupt AnyConnect services: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnE...

It is still recommended that you update to a fixed version as soon as possible.

ciscominer
Conversationalist

Thanks Alex. The support rep informed me of that vuln too and they confirmed this wasn't related. We'll upgrade the appliance as soon as this issue is fixed providing the target FW isn't affected.

Alex, for those of us that were up to date on our patchwork, can you tell me if there is any kind of follow-up action whose results will be shared to the community so that they can explain what happened and how it is being addressed? I appreciate any consideration you may make in response to my question. Thank you, Scott D Hansen - DBA - Systems Engineer

LE1
Just browsing

We've had the same issue since about 4pm UK time, MX100 running 16.16.

_jake_
New here

Same thing is happening to us - initially it was failing on a couple of our sites, and working on others. As of 10 min ago it's not working on any of our remote sites. We're running 17.10 on all of our MX's

Looks like the issue has been resolved on my end. I received this reply on my ticket -

"At this point in time, the issue with AnyConnect VPN should now be resolved. If you are still having issues, try to make a minor Dashboard config change, wait for the MX to register the change, and try again. Please reach back out if that has been tried and AnyConnect still is not working."

Initially it would not connect so I followed the instructions and went into each MX with AnyConnect enabled and made a small config change and saved that change. My change was just changing the text of the AnyConnect login banner. After the change was made and the MX updated the config I was successfully able to connect to all MX's with AnyConnect enabled.

BlakeRichardson
Kind of a big deal

My dashboard is reporting the following message.

We are investigating an issue where a small number of MX Security Appliances running AnyConnect client VPN are failing to accept new connections, starting around 10/27/2022 14:45 GMT. Our development team has identified the problem and is working to resolve the issue as soon as possible. Please note that Dashboard config changes on all MX networks with AnyConnect enabled may be delayed until the issue is resolved.

www.btr.net.nz
LE1
Just browsing

Hi all,

I've just tried ours on 2 laptops and both worked.