Meraki

Community

Meraki Anyconnect down for some customers?

ciscominer
Conversationalist
‎Oct 27 2022 9:33 AM
‎Oct 27 2022 9:33 AM

Meraki Anyconnect down for some customers?

Around 11:20am EST our MX250's Anyconnect service failed. Users couldn't reconnect and a soft reset of the service didn't solve the problem. Initially the error we got on reconnect was:

 

"Anyconnect was not able to establish a connection to the specified gateway. Please try connecting again"

 

Immediately followed by message:

 

"The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: Other error"

 

After the service restart, our users no longer receive either message above. Briefly during new connection attempts the client flashes "Failed contacting (our MX DDNS hostname)", then changes to "please enter your username and password" and pops up the normal login prompt. after entering creds it just sits and then times out.

 

I hopped on the horn with meraki support and they confirmed we're not the only customers affected and they're currently working with product and dev teams to resolve and come up with a fix.

 

We're running MX250's in HA

FW 16.16

on-prem RADIUS Auth

12 Replies 12
ciscominer
Conversationalist
‎Oct 27 2022 9:37 AM
‎Oct 27 2022 9:37 AM

I'll add that no changes were made to the service or appliance recently that would have caused our AnyConnect service to fail. 

0 Kudos
Zach3
Conversationalist
‎Oct 27 2022 9:43 AM
‎Oct 27 2022 9:43 AM

Yes, we were running 16.16.2. Meraki support had us reboot and then upgrade to 16.16.6 but that didn't fix the issue. They said it's an issue affecting multiple customers now, so waiting for an update via email. 

0 Kudos
In response to Zach3
ciscominer
Conversationalist
‎Oct 27 2022 9:51 AM
‎Oct 27 2022 9:51 AM

We're on 16.16.0 and they were suggesting we upgrade to 16.16.6... then stopped me right before I did it. Thanks for being the guinea pig I guess?

0 Kudos
In response to ciscominer
AlexP
Meraki Employee
Meraki Employee
‎Oct 27 2022 10:32 AM
‎Oct 27 2022 10:32 AM

FYI, it's not related to this issue (refer to this thread for updates), but if you're still running 16.16, be aware that there's a DoS vulnerability that may disrupt AnyConnect services: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnE...

 

It is still recommended that you update to a fixed version as soon as possible.

In response to AlexP
ciscominer
Conversationalist
‎Oct 27 2022 10:38 AM
‎Oct 27 2022 10:38 AM

Thanks Alex. The support rep informed me of that vuln too and they confirmed this wasn't related. We'll upgrade the appliance as soon as this issue is fixed providing the target FW isn't affected.

0 Kudos
In response to AlexP
scottdhansen
Conversationalist
‎Oct 28 2022 1:59 PM
‎Oct 28 2022 1:59 PM

Alex, For those of us that were up to date on our patchwork can you tell me if there is any kind of follow up action who's results will be shared to the community so that they can explain what happened and how it is being addressed?  I appreciate consideration you may make in response to my question.  Thank you, Scott D Hansen - DBA - Systems Engineer

0 Kudos
LE1
Just browsing
‎Oct 27 2022 9:55 AM
‎Oct 27 2022 9:55 AM

 

We've had the same issue since about 4pm uk time, MX100 running 16.16.

 

0 Kudos
_jake_
Comes here often
‎Oct 27 2022 9:57 AM
‎Oct 27 2022 9:57 AM

Same thing is happening to us - initially it was failing on a couple of our sites, and working on others. As of 10 min ago its not working on any of our remote sites. We're running 17.10 on all of our MX's

0 Kudos
In response to _jake_
_jake_
Comes here often
‎Oct 27 2022 10:37 AM
‎Oct 27 2022 10:37 AM

Just got this link in regards to my ticket : https://community.meraki.com/t5/Meraki-Service-Notices/MX-AnyConnect-Client-VPN-issue/ba-p/173350

0 Kudos
In response to _jake_
_jake_
Comes here often
‎Oct 27 2022 2:33 PM
‎Oct 27 2022 2:33 PM

Looks like the issue has been resolved on my end. I received this reply on my ticket - 

 

"At this point in time, the issue with AnyConnect VPN should now be resolved. If you are still having issues, try to make a minor Dashboard config change, wait for the MX to register the change, and try again. Please reach back out if that has been tried and AnyConnect still is not working."

 

Initially it would not connect so I followed the instructions and went into each MX with AnyConnect Enabled and made a small config change and saved that change. My Change was just changing the text of the AnyConnect login banner. After the change was made and the MX updated the config I was successfully able to connect to all MX's with AnyConnect enabled.

0 Kudos
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Oct 27 2022 12:22 PM
‎Oct 27 2022 12:22 PM

My dashboard is reporting the following message.

 

We are investigating an issue where a small number of MX Security Appliances running AnyConnect client VPN are failing to accept new connections, starting around 10/27/2022 14:45 GMT. Our development team has identified the problem and is working to resolve the issue as soon as possible. Please note that Dashboard config changes on all MX networks with AnyConnect enabled may be delayed until the issue is resolved.

0 Kudos
LE1
Just browsing
‎Oct 27 2022 1:35 PM
‎Oct 27 2022 1:35 PM

Hi all,

 

I've just tried ours on 2 laptops and both worked.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.