Cisco AnyConnect Secure Mobility Client – Windows Installation and Troubleshooting guide

Cisco AnyConnect Secure Mobility Client is not just a VPN client: it is a modular endpoint software product that gives endpoints access to secure resources and also provides the extra layers of security needed to help keep your organisation safe and protected. It provides Virtual Private Network (VPN) access through Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec) Internet Key Exchange version 2 (IKEv2), and offers enhanced security through various built-in modules. These built-in modules provide services such as compliance through the VPN with ASA or through wired, wireless, and VPN with Cisco Identity Services Engine (ISE), web security alongside Cisco Cloud Web Security, network visibility into endpoint flows within Stealthwatch, or off-network roaming protection with Cisco Umbrella.

Cisco AnyConnect is an easy-to-use, reliable and highly secure mobility client that provides secure VPN access to users regardless of where they are working from. With a single click, a user is connected to the office environment from anywhere and is safe and protected against malware threats. Companies can also monitor which devices are connected to their network from outside, because access is granted through a set of approvals defined at the organisational level. For organisations moving towards agility, it gives the flexibility, reliability and connectivity that is needed.

How to Install the Cisco AnyConnect Secure Mobility Client

Step 1. Download the Cisco AnyConnect VPN Client here.

Note: Install the AnyConnect Pre-deployment Package for Windows.

Step 2. To install, click Run.

Step 3. Check the check boxes for the modules that you need to install.

Note: All modules will be installed by default.

Step 4. (Optional) Check the Lock Down Component Services check box if the feature needs to be enabled. Enabling this feature will prevent users from disabling the Windows Web Security service.

Note: In this example, Lock Down Component Services is not enabled.

Step 5. Click Install Selected.

Step 6. Click OK.

Step 7. Go over the Supplemental End User License Agreement and then click Accept.

Step 8. Restart your computer.

You should now have successfully installed the Cisco AnyConnect Secure Mobility Client on your computer.
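
A check worth running between Step 1 and Step 2, added here as an example (it is not Cisco's or this guide's own code): it verifies the Authenticode signature of every .exe and .msi in the extracted pre-deployment package before you click Run. The folder path and the expected publisher string are assumptions; adjust both to your environment.

```powershell
param(
    # Assumed folder where the downloaded package was extracted (placeholder path).
    [string]$PackageDir = "$env:USERPROFILE\Downloads\anyconnect-predeploy",
    # Assumed text expected in the signer certificate subject.
    [string]$ExpectedPublisher = 'Cisco Systems'
)

function Test-InstallerSignature {
    param([string]$Dir, [string]$Publisher)

    Get-ChildItem -Path $Dir -Recurse -File -Include *.exe, *.msi |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                File    = $_.Name
                Status  = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer  = $subject
                # Trusted only if the signature validates AND names the expected publisher.
                Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$Publisher*")
                SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$results = @(Test-InstallerSignature -Dir $PackageDir -Publisher $ExpectedPublisher)
if ($results.Count -eq 0) {
    Write-Warning "No .exe or .msi files found under '$PackageDir'."
    exit 1
}

$results | Format-Table File, Status, Trusted, Signer -AutoSize -Wrap

$bad = @($results | Where-Object { -not $_.Trusted })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) file(s) are unsigned, altered, or signed by another publisher. Review them before running the installer."
    exit 1
}
Write-Output "All $($results.Count) installer files carry a valid signature naming '$ExpectedPublisher'."
```

The SHA256 column is collected so the values can be compared against hashes published alongside the download, where available.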

Using the Cisco AnyConnect Secure Mobility Client VPN

When you launch the Cisco AnyConnect Secure Mobility Client, its icon appears in the system tray (bottom of the screen, on the right-hand side).

  • To connect to your VPN, enter your VPN address as per the image below. Afterwards click ‘Connect’.
  • Enter your username and password.
  • To stop the VPN connection, double-click the ASA VPN client icon and select Disconnect.

Tip: Disconnect the VPN connection when you are not using it.

Basic Troubleshooting on Cisco AnyConnect Secure Mobility Client Errors

1. Problem: Network Access Manager fails to recognise your wired adapter.

Solution: Try unplugging your network cable and reinserting it. If this does not work, you may have a link issue. The Network Access Manager may not be able to determine the correct link state of your adapter. Check the Connection Properties of your Network Interface Card (NIC) driver. You may have a “Wait for Link” option in the Advanced Panel. When the setting is On, the wired NIC driver initialization code waits for auto negotiation to complete and then determines if a link is present.

2. Problem: When AnyConnect attempts to establish a connection, it authenticates successfully and builds the Secure Socket Layer (SSL) session, but then the AnyConnect client crashes in the vpndownloader if using Label-Switched Path (LSP) or NOD32 Antivirus.

Solution: Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.

3. Problem: When using McAfee Firewall 5, a User Datagram Protocol (UDP) Datagram Transport Layer Security (DTLS) connection cannot be established.

Solution: In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.

4. Problem: The connection fails due to lack of credentials.

Solution: The third-party load balancer has no insight into the load on the Adaptive Security Appliance (ASA) devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, using the internal ASA load balancing instead is recommended.

5. Problem: The AnyConnect client fails to download and produces the following error message:

Solution: Upload the patch update to version 1.2.1.38 to resolve all dll issues.

6. Problem: If you are using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.

Solution: Disable the Bonjour Printing Service by typing net stop "bonjour service" at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.

7. Problem: If a Label-Switched Path (LSP) module is present on the client, a Winsock catalogue conflict may occur.

Solution: Uninstall the LSP module.

8. Problem: You receive an “Unable to Proceed, Cannot Connect to the VPN Service” message. The VPN service for AnyConnect is not running.

Solution: Determine if another application conflicted with the service by going to the Windows Administration Tools, then make sure that the Cisco AnyConnect VPN Agent is not running. If it is running and the error message still appears, another VPN application on the workstation may need to be disabled or even uninstalled. After taking that action, reboot and repeat this step.

9. Problem: When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED. The following message appears:

Solution: Uninstall Kaspersky and refer to their forums for additional updates.
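
For problem 8 above, the same triage can be done from PowerShell instead of the Administration Tools GUI. This is an added example, not part of the Cisco guidance; it assumes the agent's service display name contains "AnyConnect" and treats any other service with "VPN" in its name as a conflict candidate to review.

```powershell
# Assumption: the AnyConnect agent's service display name contains "AnyConnect".
$agentPattern = '*AnyConnect*'

$services = Get-CimInstance -ClassName Win32_Service

# 1. State of the AnyConnect agent service itself.
$agent = @($services | Where-Object { $_.DisplayName -like $agentPattern })
if ($agent.Count -eq 0) {
    Write-Warning "No service matching '$agentPattern' is registered; the client may not be installed."
} else {
    $agent | Format-Table Name, DisplayName, State, StartMode, PathName -AutoSize -Wrap
    $agent | Where-Object { $_.State -ne 'Running' } | ForEach-Object {
        Write-Warning "$($_.DisplayName) is $($_.State) (start mode: $($_.StartMode))."
    }
}

# 2. Other VPN-related services that may conflict with the agent.
$others = @($services | Where-Object {
    ($_.DisplayName -like '*VPN*' -or $_.Name -like '*VPN*') -and
    ($_.DisplayName -notlike $agentPattern)
})
if ($others.Count -gt 0) {
    Write-Output 'Other VPN-related services (conflict candidates):'
    $others | Format-Table Name, DisplayName, State, StartMode -AutoSize
}

# 3. Service Control Manager events from the last 24 hours that mention the agent,
#    to see whether it failed to start or was stopped.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    StartTime    = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like $agentPattern } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```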

This troubleshooting guide is referenced at the Cisco Website. For more information click here.
