Anyconnect Secure Mobility Client Version
Janita Locklin
Faced that issue with one of our employees, i remember first checking the anyconnect logs, then trying to use anyconnect 3.0 disabling Internet connection sharing through services.msc which sort of fixed it. And then setting the MTU of the network adapter at higher than what it was, i guess the last step ffixed it.
We connect to 2 different sites with anyconnect, but those 2 locations have a site-site VPN tunnel between them. Regardless, for some reason what worked for me to resolve this problem was to connect to site A using the older version of the anyconnect client. Then disconnect, and connect to site B, which automatically updated the client version upon connect. For whatever reason, that worked.
As khan1324 mentions - changing the MTU on the ASA may help your situation. We actually have two groups for people to choose from when they connect using the Anyconnect client. One uses the default MTU of 1500 bytes and another use an MTU of 1200. These are settings configured within the Group Policy.
Keep getting this message when trying to re-install Cisco VPN - "anyconnect secure mobility client cannot be installed on this disk. Version 3.1.02026 of the cisco anyconnect secure mobility client is already installed." Moved and deleted and when I search I only find the download or emails with information on the subject.
Whenever you remove system modifications, they must be removed completely, and the only way to do that is to use the uninstallation tool, if any, provided by the developers, or to follow their instructions. If the software has been incompletely removed, you may have to re-download or even reinstall it in order to finish the job.
Tried again with reboots (same way I did before) and it worked loading the web based one. Talked with our VPN guru here also (has a MAC at home) and went through the process with him and he did the same thing I did. Well, it worked for him.
When I try with openconnect (Cisco AnyConnect VPN Compatible) that only can use certificate (in my case use a domain user and password) or Cisco Compatible VPN (vpnc) I can not connect. The second ask for information that not is provide by my it team.
I just installed the AnyConnect client from my company in order to get the stuff I needed to make OpenConnect work, so I did go through the install and might be able to help you out. This was with 3.1.04063, so keep that in mind as I don't know what's different for 4.0. My company has a Windows cifs share with the anyconnect available clients, but they were in a .pkg format. I extracted them with 7-zip on Windows, then copying that folder to somewhere I could get at from Arch.
I used to sort of be able to use the actual anyconnect client, but only from my 32 bit chroot (I'm on x64). And then something seemed to go awry with /etc/resolv.conf or some other network settings, as the successful VPN connection in the chroot didn't seem to translate into my "actual" 64 bit environment and thus I couldn't do anything with the internet. Web pages just wouldn't load. Same with a 32 chroot installed browser, though, too... so I'm not sure what the issue was. I could ping, with ridiculously slow return times, but never do anything useful.
Finally I stumbled on this setup for openconnect. That's what I've been using every since. Only re-installed since I was having an issue with certificates. Turns out there's a bug in the version of the anyconnect libraries I was using with openconnect, and the fix was to upgrade. Thankfully my company had updated versions in that Windows directory when I checked, or I think I was stuck. Just got it working and happy.
Let me know if you'd like to pursue the openconnect route and I can share my setup. Let me know if you run into troubles after the anyconnect install. I think I had some futzing required to get it connected even after install. From memory, I think I had to start various things that got installed in /etc/rc.d. Like, perhaps:
c80f0f1006