Cisco ASA 5510 AnyConnect client - problem with connection establishment

Hi, I have a Cisco ASA 5510 and 2 laptops. With the same user account and AnyConnect install on both laptpos, I get connected with one laptop, but not with the other one. I am showing the result of "debug webvpn anyconnect 255" command when the connection fails:

webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = IT_Tercat
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name = IT_Tercat
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
ATTR_FILTER_ID: Name: AccesoITTERCAT, Id: 21, refcnt: 5
Not calling vpn_remove_uauth: not IPv4!
webvpn_svc_np_tear_down: acl_id: 21
webvpn_svc_np_tear_down: ACL refcnt: 4
webvpn_svc_np_tear_down: no IPv6 ACL

Also the messages that appear on AnyConnect client windows are:
Message 1)      AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again
Message 2)      The VPN client is unable to establish a connection

Any idea? Thanks
asanchgoIT Project ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TimotiStDatacenter TechnicianCommented:
First guess: you could try disabling IPv6 on the non-working notebook.

Tamas
0
asanchgoIT Project ManagerAuthor Commented:
I will try and tell you the result. One question, why the message would be "Not calling vpn_remove_uauth: not IPv4!" instead of "not IPv6!"?

Do you mean going to the network adapter and deselect IPv6 cell? I am attaching a jpg.

Thanks
Deselect-IPv6.jpg
0
TimotiStDatacenter TechnicianCommented:
Yes, unselect the IPv6 checkbox.
I don't know your vpn config on the ASA, but maybe it wants to push IPv6 client-firewall settings to the client, which are not configured on the ASA: "no IPv6 ACL".

The client-firewall setting look something like this:
access-list ACL_CLIENT_IN extended deny ip any any
access-list ACL_CLIENT_OUT extended deny ip any any
!
 client-firewall opt cisco-integrated acl-in ACL_CLIENT_IN acl-out ACL_CLIENT_OUT

If this doesn't work, please post the relevant config and your ASA version.

Tamas
0
asanchgoIT Project ManagerAuthor Commented:
I found the solution. The laptop has antivirus Kaspersky 6.0 and by default with SSL/HTTPS inspection, which prevents AnyConnect from establishing the VPN connection. Once the HTTPS inspection is disabled on Kaspersky, the connection is successful.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
asanchgoIT Project ManagerAuthor Commented:
I tested myself today.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.