I have several sites working in the AnyConnect closed Beta for a long time. Probably almost a year. I was excited to see AnyConnect move to public beta so I started scheduling 16.4 upgrades. We didn't make any changes before or right after the 16.4 upgrades. We did post upgrade testing and everything seemed fine. However, after we moved one site to 16.4 users started complaining that their Outlook showed as disconnected (Using Office365 with a hybrid AD setup). The problem manifests itself about 80% of the time. Sometimes it works fine, but we generally don't have a problem reproducing it. Here is our environment: 2 MX250's in HA w/Virtual IP (16.4) 2 ISP's Windows 10 laptops Office 365 Hybrid AD Setup AnyConnect Client v4.9.06037 for Windows Full Tunnel Configuration AnyConnect / Internal users / IPSEC Client VPN all use the same DNS servers From our testing we found: Clients connected to the AnyConnect VPN on our Meraki MS250's are getting disconnected from Office365 and other web (SaaS) applications. If the same client connects to the IPSEC Client VPN we do not see the problem If the same client works from inside the office we do not see the problem If the same client connects to our legacy ASA5520 using the same exact AnyConnect version on the same computer we do not see the problem If the same disconnects from the VPN and uses Office 365 from their home Internet we do not see the problem We took took the following steps and retested the scenarios above: Disabled AMP/IDP - no change, AnyConnect still broken Removed country blocks - no change, AnyConnect still broken Permit Any on the top of the firewall rules (UGGH, but had to rule it out) - no change, AnyConnect still broken Verified no weird traffic shaping stuff - no change, AnyConnect still broken Forced all traffic to ISP1 - no change, AnyConnect still broken Forced all traffic to ISP2 - no change, AnyConnect still broken So we opened a case with Meraki support. I received the quickest response on a case that has ever happened: "Please upgrade your MX to 16.5 and see if it fixes the issue." Well the release notes for 16.5 weren't much help but since we were out of options we upgraded to 16.5 and...... - no change, AnyConnect still broken 😥 I want my closed Beta code back! Anyone else experiencing an issue like this? I am going to call support back so we can take captures and perform other science experiments while the client happily uses their legacy ASA5520 AnyConnect VPN that works fine. Sigh.... I want my AnyConnect closed beta code back!
... View more