Cisco Anyconnect Outlook Disconnected

| Posted on by



AnyConnect Plus/Apex licensing and Cisco head-end hardware is required. The application is not permitted for use with legacy licensing (Essentials or Premium PLUS Mobile). AnyConnect may not be used with non-Cisco hardware under any circumstances. We have had a new Cisco Anyconnect VPN setup on Cisco ISE v2.4. Anyconnect client is 4.8.03036. We run a hybrid setup of some exchange legacy servers on premise but mostly we are running from O365 in the cloud. I am running Outlook 365 and others are running Outlook 2016 clients. Older versions of the NAM component of the Cisco AnyConnect Secure Mobility Client will not work when you try to connect to a wireless network on a Surface Pro 3. Note This issue is unrelated to the VPN features of the Cisco AnyConnect software. This issue is specific to the wireless NAM component of the Cisco AnyConnect Secure Mobility Client. My employer has provided a flash drive for me to use when I work from home. This is so I can connect to the VPN using Cisco AnyConnect. It works fine, but, after 30 minutes, it either disconnects me from the VPN, OR, all of my screens and applications freeze or move very slowly- to the point where I cannot service my customers in a timely fashion. When Outlook gets disconnected, please run a Test Email AutoConfiguration to check the AutoDiscover connection: Open Outlook, hold down the CTRL key, right click on the Outlook icon in the lower right corner system tray.

  1. Cisco Anyconnect Vpn Software Download
  2. Outlook Disconnected 2013
  3. Cisco Anyconnect 4.8 Download Windows
  4. Install Cisco Anyconnect
Cisco

Symptoms

When you have the Cisco AnyConnect Secure Mobility Client installed on a Surface Pro 3, you may experience one of the following symptoms:

  • If you try to connect to a wireless network by using the Cisco Network Access Manager (NAM), you cannot connect to the wireless network.

  • You can connect to an open (that is, unsecured) wireless network by using the Cisco Network Access Manager (NAM). However, you cannot use the Cisco NAM to connect to a wireless network that requires a password or other authentication.

  • If you use the Windows 8.1 Networks interface to connect to the wireless network, you can connect to the wireless network.


Cisco Anyconnect Vpn Software Download

TL;DR If Cisco AnyConnect is disconnecting, reconnecting every few minutes, try blocking UDP in/out ports for the vpnagent executable/service.Disconnected
Cisco Anyconnect Outlook DisconnectedCisco AnyConnect Secure Mobility Client version 4.7.04056

Outlook Disconnected 2013


This one drove me nuts for the longest time until I found time to dedicate to troubleshooting it myself. Symptoms were that my AnyConnect client had been disconnecting, reconnecting every few minutes (2:50 to be exact!), which would, in turn, timeout my RDP session. Total reconnect time was only a few seconds, but you can imagine how having your concentration broken every three minutes is a productivity killer!Disconnected
I had troubleshot this with my ISP, Comcast/Xfinity and my customer (whose site I was connecting to via VPN). Both essentially were pointing fingers at each other. It would be easy to blame the ISP because the problem didn't happen over my hotspot, but I can't help but think that the VPN server wasn't configured to properly handle such situations. Anyway, I decided to live with it (for far too long) until I could do some troubleshooting myself and figure out next steps.
My troubleshooting steps are below, in case anyone is interested.

Cisco Anyconnect 4.8 Download Windows


Install Cisco Anyconnect

Wireshark

Wireshark VPN test-2019-12-09-A.pcapng

Wireshark VPN test-2019-12-09-G-Comcast.pcapng

Wireshark VPN test-2019-12-09-F-Hotspot.pcapng

Wireshark VPN test-2019-12-09-E-Comcast-Reconnect at 129 sec.pcapng

Wireshark VPN test-2019-12-09-D-Hotspot.pcapng

Wireshark VPN test-2019-12-09-C-Comcast-Reconnect at 91 sec.pcapng

Wireshark VPN test-2019-12-09-B.pcapng

Noticed that most application traffic happens via DTLS (OpenSSL) over UDP, but every 20 seconds, there's a TLSv1.2 transmission from the client [PSH, ACK], but no response from the server.Client retransmits the [PSH, ACK] in intervals of 0.3, 0.6, 1.2, 2.4, 4.8, 9.6 seconds, and then sends a RST.

Google search

cisco vpn client tls every 20 seconds no ack

Article above references this, which was the most helpful

As long as DTLS is enabled, the client applies the DTLS MTU (in this case 1418) on the VPN adapter (which is enabled before the DTLS tunnel is established and is needed for routes/filters enforcement), to ensure optimum performance. If the DTLS tunnel cannot be established or it is dropped at some point, the client fails over to TLS and adjusts the MTU on the virtual adapter (VA) to the TLS MTU value (this requires a session level reconnect).

Block UDP (in & out) for VPN client in Windows Firewall

C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnagent.exe