After Uninstall Trap 7.2.2 - Cisco AnyConnect VPN started to work


L4 Transporter

When logging into Cisco AnyConnect VPN, we get the prompt: "Login denied. Your environment does not meet the access criteria defined by your administrator."

 

After trying various methods, it could not be solved.

Then we uninstalled Traps 7.2.2 from the machine, and the SSL-VPN started to work.

I mean the Traps uninstall made the VPN work.

 


 


Cyber Elite

Hi @Mohammed_Yasin 

 

Thank you for the post, and sorry to hear you are facing this issue.

 

As per the official Cisco Release Note, there is no known compatibility issue between AnyConnect and Traps: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/administration/gui... However, Cisco recommends excluding the folders below from any 3rd party security product:

 

C:\Users\<user>\AppData\Local\Cisco
C:\ProgramData\Cisco
C:\Program Files (x86)\Cisco

 

In case you are using the Hostscan module for posture check, please also exclude the processes below:

 

cscan.exe
ciscod.exe
cstub.exe

 

Here is the official guide: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/release/notes/rel...

 

Could you please try to apply an application whitelist for the above folders and processes in Traps? In case it does not resolve the issue, I would recommend collecting more logs to understand the root cause of this issue.

 

Could you please collect a DART bundle from the affected machine? Here is the manual on how to collect DART: https://community.cisco.com/t5/security-documents/how-to-collect-the-dart-bundle-for-anyconnect/ta-p...

Once the DART bundle is generated, you will find it on the desktop. Please extract it, navigate to the folder "Cisco AnyConnect Secure Mobility Client" and open "AnyConnect.txt". In this file you will see all AnyConnect client logs, including the error you reported. Please look for any log entries before this error was generated.

 

If DART does not provide any clue, I would recommend collecting logs from your VPN HeadEnd. If you are using ASA, then please run the debugs below while the client having the issue tries to connect:

 

debug ldap 255
debug webvpn anyconnect 255
debug dap trace 255

 

The above debug commands produce a lot of output. In case there are several users connecting at the same time, the output might be hard to read, therefore I recommend logging the session to a text file and ideally running it outside of peak hours, when fewer users are connecting. After you complete the log collection, please issue: "u all" to cancel all debugs.

 

If neither DART nor the debugs on the VPN HeadEnd side provide enough information to understand what exactly Traps is doing to cause this issue, please let me know. There are still a few more things left to drill down into this issue.

 

I hope this helps and good luck!

 

Kind Regards

Pavel
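
The AnyConnect.txt review step described in the reply above, as an added example that is not part of the original post or reply: it finds the "does not meet the access criteria" error and returns the lines logged just before it, marking any that mention the Cisco folders or Hostscan processes listed for exclusion. The sample lines are constructed and do not reproduce the real AnyConnect log format; the function names, the 25-line window and the UTF-8 file encoding are assumptions.

```python
import sys
from collections import deque

# Error text quoted in the original post (lowercased for matching).
ERROR_TEXT = "your environment does not meet the access criteria"
# Hostscan processes and Cisco folders named in the reply (lowercased).
WATCH = ("cscan.exe", "ciscod.exe", "cstub.exe",
         r"\appdata\local\cisco", r"c:\programdata\cisco",
         r"c:\program files (x86)\cisco")

# Constructed sample lines, NOT real AnyConnect log output or format.
SAMPLE = [
    r"10:15:01 ui: connecting to gateway",
    r"10:15:03 posture: starting C:\Users\alice\AppData\Local\Cisco\scan\cscan.exe",
    r"10:15:04 posture: cscan.exe exited before reporting results",
    r"10:15:05 ui: Login denied. Your environment does not meet the access "
    r"criteria defined by your administrator.",
]

def entries_before_error(lines, context=25):
    """For each occurrence of the error, return (error_line_no, preceding),
    where preceding is a list of (line_no, text, watch_hits)."""
    window = deque(maxlen=context)   # rolling buffer of the last `context` lines
    found = []
    for no, raw in enumerate(lines, 1):
        text = raw.rstrip("\r\n")
        low = text.lower()
        if ERROR_TEXT in low:
            found.append((no, list(window)))
        window.append((no, text, [w for w in WATCH if w in low]))
    return found

def report(lines, context=25):
    """Render the result as text; '*' marks lines naming an excluded path/process."""
    out = []
    for err_no, preceding in entries_before_error(lines, context):
        out.append(f"error at line {err_no}; {len(preceding)} preceding line(s):")
        for no, text, hits in preceding:
            mark = "*" if hits else " "
            out.append(f" {mark} {no:>6}: {text}")
    return "\n".join(out)

if __name__ == "__main__":
    if len(sys.argv) > 1:   # path to the extracted AnyConnect.txt (UTF-8 assumed)
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(report(fh))
    else:
        print(report(SAMPLE))
```
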

 

 

 

 


 
