Cisco AnyConnect Troubleshooting Steps
Department Knowledge Base (KB) Article
Subject: Cisco AnyConnect Troubleshooting Steps
We have configured AnyConnect VPN at four different locations to provide remote VPN connectivity.
Below are the setup and other details that we must know before starting any troubleshooting.
| Site Name | IP             | URL to connect     | Client IP range | Region  |
| TWT       | 66.195.184.132 | remote.edifecs.com | 10.30.x.x       | US West |
| WTR       | 12.130.47.132  | remote.edifecs.com | 10.51.x.x       | US East |
| IDC       | 112.196.22.10  | remote.edifecs.com | 10.64.x.x       | India   |
| MDC       | 89.28.12.194   | remote.edifecs.com | 10.70.x.x       | MDC     |
Each user has to connect according to their location (region). To confirm this, ask the user to ping remote.edifecs.com; the reply will show one of the four IPs.
Example:
- If an MDC user pings remote.edifecs.com, he/she will get IP 89.28.12.194
- If an IDC user pings remote.edifecs.com, he/she will get IP 112.196.22.10
- If a US West user pings remote.edifecs.com, he/she will get IP 66.195.184.132
- If a US East user pings remote.edifecs.com, he/she will get IP 12.130.47.132
If any user gets an IP different from the one for their location, it must be a DNS issue.
Solution:
Ask the user to contact their local ISP and get the local or regional DNS address.
In any urgent/critical situation, we can provide a temporary workaround by updating the hosts file, but it's not recommended.
Example:
- In the MDC user's system hosts file, we need to add the entry below so they can connect to the MDC ASA:
89.28.12.194 remote.edifecs.com
Case 1
The user doesn't have the AnyConnect setup/client.
We have separate docs for first-time setup and for downloading and installing the client, which are already shared within the team and Enet.
In short: log in to remote.edifecs.com via a web browser; after a successful login, the user can get the AnyConnect client software for their OS.
Note: Please make sure the user has the proper permission in AD and has been added in DUO for AnyConnect.
Case 2
Unable to log in or VPN not connecting
Please check the following:
- The user should be able to ping remote.edifecs.com
- The user should be getting the login prompt
- We need to confirm whether this is an authentication issue or a connectivity issue
- If the user is able to ping remote.edifecs.com and gets the proper IP for their region, then connectivity is OK.
- If login fails, check the permissions in AD & DUO
- Check the error screenshot for more details.
- If everything seems OK to you, contact NetOps for further troubleshooting and share your findings.
Case 3
- Connected to VPN, but resources are not available or the user is unable to connect over RDP.
- This issue mainly occurs if the user is connected to the wrong region's ASA, for example an MDC user connected to the IDC or another ASA.
- Ask the user to share their ping and ipconfig /all output to verify.
- If the user is connected to the wrong region, ask them to add local & regional DNS.
- Restart the system.
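The region checks in Case 2 and Case 3 can be run against the ping and ipconfig /all output a user pastes into a ticket. The script below is an added example, not part of the original KB article or any Cisco tooling; the function names, the /16 reading of the client IP ranges, and the sample text are assumptions.

```python
import ipaddress
import re

# Site table copied from this article; reading "10.30.x.x" as a /16 is an assumption.
SITES = {
    "TWT": ("66.195.184.132", "10.30.0.0/16"),
    "WTR": ("12.130.47.132", "10.51.0.0/16"),
    "IDC": ("112.196.22.10", "10.64.0.0/16"),
    "MDC": ("89.28.12.194", "10.70.0.0/16"),
}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed sample input (English-language Windows output assumed).
PING_SAMPLE = "Pinging remote.edifecs.com [112.196.22.10] with 32 bytes of data:"
IPCONFIG_SAMPLE = "   IPv4 Address. . . . . . . . . . . : 10.64.12.7(Preferred)"


def site_from_ping(ping_text):
    """Return the site whose ASA IP appears in pasted ping output, else None."""
    found = set(IPV4.findall(ping_text))
    return next((s for s, (gw, _) in SITES.items() if gw in found), None)


def site_from_ipconfig(ipconfig_text):
    """Return the site whose client pool holds an 'IPv4 Address' entry, else None."""
    for line in ipconfig_text.splitlines():
        m = IPV4.search(line) if "IPv4 Address" in line else None
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:  # e.g. a mangled paste such as 999.1.1.1
            continue
        for site, (_gw, pool) in SITES.items():
            if addr in ipaddress.ip_network(pool):
                return site
    return None


def triage(expected_site, ping_text, ipconfig_text=""):
    """Map pasted output onto the DNS and wrong-region checks from this article."""
    resolved = site_from_ping(ping_text)
    connected = site_from_ipconfig(ipconfig_text)
    if resolved is None:
        return "no known ASA IP in ping output: connectivity or DNS issue"
    if resolved != expected_site:
        return f"DNS issue: resolved to {resolved}, expected {expected_site}"
    if connected and connected != expected_site:
        return f"wrong region: client IP is from the {connected} pool"
    return f"DNS and region match {expected_site}: continue with AD/DUO checks"
```

Calling triage("MDC", PING_SAMPLE) reports a DNS issue, because the sample resolves to the IDC address.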