cancel
Showing results for 
Search instead for 
Did you mean: 

Cisco AnyConnect connection failures

buckwem
Newbie
Posts: 4
Registered: ‎19-09-2021

Cisco AnyConnect connection failures

I have been having problems with Cisco AnyConnect for the past few months with failed connections giving the message "The VPN client agent SSL engine encountered an error. Please restart your computer or device, then try again. If the issue persists, please contact your network administrator."  It can take 3, 4 or even 5 connection attempted but it finally connects.

Cisco introduced a defect into AnyConnect that DTLS failures when using Plusnet. The details are here: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvz55373

The conditions you may see this are:
1. DTLS is enabled.
2. DPD is enabled.
3. All desktop and mobile platforms except UWP
4. Versions = v4.10.010xx and v4.10.02xx

The PlusNet Broadband Firewall and Safeguard are off but I suspect the traffic is still being routed through this service and the changes it makes causes the connection failure.

On rare occasions you may get a big red error saying "Untrusted Server Blocked!" indicating a bigger security issue of TLS certificate hijacking.

The fix is to turn off DTLS which is not something that should be done. It's currently a Sev 2 defect but may not get fixed until next year.

For now, anyone using Cisco AnyConnect will have to put up with these errors until Cisco fix AnyConnect or Plusnet change their security software.

 

Tags (3)
5 REPLIES 5
dvorak
Moderator
Moderator
Posts: 29,735
Thanks: 6,610
Fixes: 1,485
Registered: ‎11-01-2008

Re: Cisco AnyConnect connection failures


Moderators Note


This topic has been moved from Fibre to Everything Else

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
crispy235
Newbie
Posts: 2
Thanks: 2
Registered: ‎28-10-2021

Re: Cisco AnyConnect connection failures

Not sure if this will help anyone but for months every time I have visited my mother's and needed to work I have had to use the neighbour's wifi (who strangely is also on plusnet) because my Cisco VPN never worked (it authenticates fine and all appears to be OK but when you try to connect to any machine using remote desktop it just fails). I have spent ages trying to fix it but last night tried using the free Shrewsoft VPN (which allows you to import a Cisco profile). It now works perfectly. This may or may not apply to AnyConnect but in my case it's quite an old Cisco VPN version.

buckwem
Newbie
Posts: 4
Registered: ‎19-09-2021

Re: Cisco AnyConnect connection failures

The reason it will work is that it removes the security that Plusnet interferes with. In our implementation we are using the Umbrella security extension and it will fail to connect if using another VPN without the pre-checks.
crispy235
Newbie
Posts: 2
Thanks: 2
Registered: ‎28-10-2021

Re: Cisco AnyConnect connection failures

Thanks a lot for the reply although I must admit I don't understand completely! So this other third party VPN client works differently from Cisco in terms of handshaking etc? 

buckwem
Newbie
Posts: 4
Registered: ‎19-09-2021

Re: Cisco AnyConnect connection failures

I just looked and there is a new version that fixes the problem. I am trying to understand when our CIO team are going to roll it out.