Everybody knows the story about the biggest pro the Cisco AnyConnect solution has when you compare it to the old IPsec remote access based solution: "it just works everywhere™". That story is based on the fact that in most guest and mobile networks SSL traffic (TCP/443) is allowed. This is true: AnyConnect will work fine if DNS is working and TCP port 443 is open. However, AnyConnect will try the DTLS protocol first, which uses UDP port 443; only if that fails does the client fall back to SSL (TLS over TCP/443) for the transport of user data. The reason AnyConnect prefers DTLS is that DTLS has less delay because of the connectionless nature of UDP, so performance is better than with an SSL tunnel.

Most Cisco AnyConnect VPN configurations I see in the field, or have deployed myself, are terminated on a Cisco ASA firewall that is directly connected to the internet. However, in some bigger networks it is not uncommon to have another firewall in front of the remote access / VPN block in your network, or to have an access-list on the routers at the internet edge. If you filter the network traffic destined to a Cisco IOS webvpn router or a Cisco ASA firewall in the remote access / VPN block of your network, don't forget to open UDP port 443 as well. Otherwise the VPN still works, but every user silently falls back to the slower SSL tunnel. It is very easy to check whether you are actually using DTLS in the AnyConnect client: the Statistics pane of the client reports the transport protocol in use.

Symptoms: User can't access web-based applications and is unable to resolve DNS. We are having a strange issue with the latest AnyConnect client versions (4.3 and 4.2); please let me know if anyone is having similar issues and knows of fixes.

Unfortunately, the Cisco AnyConnect client for Mac conflicts with Pow.

Procedure for connecting to a Cisco AnyConnect VPN from a CentOS7 system installed with the "Server with GUI" (KDE) option. It will probably work with the CentOS7 GNOME Desktop option as well (the only difference being which packages are installed by default with these install options).
sudo openconnect -user
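On the head-end side, the quickest way to see whether your edge filter is eating UDP/443 is to look at which AnyConnect sessions have a DTLS tunnel and which are stuck on the TLS fallback. The following script is an added example (not code from the original post or from Cisco): it parses constructed sample text modelled on the two-column layout of the ASA command `show vpn-sessiondb detail anyconnect` (assumption: the field names and the space-separated token list on the `Protocol` line, e.g. `AnyConnect-Parent SSL-Tunnel DTLS-Tunnel`, are as shown; real output carries more fields, which the parser simply keeps as extra keys) and reports every session that never negotiated a `DTLS-Tunnel`.

```python
import re

# Constructed sample output. Its layout follows the two-column format of the
# ASA command "show vpn-sessiondb detail anyconnect" (assumption: field
# names and the "Protocol" token list as shown; real output carries more
# fields per session, which the parser simply keeps as extra keys).
SAMPLE_OUTPUT = """\
Session Type: AnyConnect Detailed

Username     : alice                  Index        : 12
Assigned IP  : 10.10.10.5             Public IP    : 203.0.113.10
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES256
Bytes Tx     : 14216                  Bytes Rx     : 8967

Username     : bob                    Index        : 13
Assigned IP  : 10.10.10.6             Public IP    : 198.51.100.7
Protocol     : AnyConnect-Parent SSL-Tunnel
License      : AnyConnect Premium
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256
Bytes Tx     : 2048                   Bytes Rx     : 1024

Username     : carol                  Index        : 14
Assigned IP  : 10.10.10.7             Public IP    : 203.0.113.55
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Bytes Tx     : 512                    Bytes Rx     : 256
"""

# One "Label : value" pair. A line may carry two pairs side by side, so the
# value stops where a run of spaces is followed by the next label and colon.
FIELD_RE = re.compile(
    r"([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)(?=\s{2,}[A-Za-z][A-Za-z ]*?\s*:|\s*$)"
)


def parse_sessions(text):
    """Return one dict of fields per session; a new 'Username' starts a session."""
    sessions = []
    current = None
    for line in text.splitlines():
        for label, value in FIELD_RE.findall(line):
            label = label.strip()
            if label == "Username":
                current = {}
                sessions.append(current)
            if current is not None:
                current[label] = value.strip()
    return sessions


def has_dtls(session):
    """True when the session negotiated a DTLS-Tunnel next to its SSL-Tunnel."""
    return "DTLS-Tunnel" in session.get("Protocol", "").split()


def sessions_without_dtls(text):
    """(username, public IP) for every session that fell back to TLS only."""
    return [
        (s["Username"], s.get("Public IP", "?"))
        for s in parse_sessions(text)
        if not has_dtls(s)
    ]


def dtls_report(text):
    """Summary: how many sessions run DTLS and which ones are TLS-only."""
    sessions = parse_sessions(text)
    tls_only = sessions_without_dtls(text)
    return {
        "total": len(sessions),
        "dtls": len(sessions) - len(tls_only),
        "tls_only": tls_only,
    }


if __name__ == "__main__":
    report = dtls_report(SAMPLE_OUTPUT)
    print(f"{report['dtls']}/{report['total']} sessions on DTLS")
    for user, ip in report["tls_only"]:
        print(f"TLS-only fallback: {user} from {ip} (UDP/443 blocked on the path?)")
```

Read the result with the caveat from the text in mind: a single TLS-only session can just as well be caused by the user's own guest or mobile network dropping UDP, which is exactly why the fallback exists. If every session on the ASA is TLS-only, though, the common path is your side, and the filter in front of the remote access / VPN block is the first place to look.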