Cisco Anyconnect VPN issue

I am attempting to connect to the Anyconnect VPN on a work device, but have been getting an error stating “Could not connect to server. Please verify Internet connectivity and server address” when I try to connect to the VPN via wifi. My network is connected and shows that I have internet access, but I cannot connect to the VPN. All of my other devices are working properly and connecting to the internet. I also tried to use a mobile hotspot and could connect to the VPN just fine. I have tried rebooting the device and router. The router is new and is the Netgear Nighthawk AX2700.

Does anyone know what could be causing the modem connectivity issue with the VPN? Could it be something with IPv6 vs IPv4?

SOLUTION: I just had to disable IPSEC ALG in the settings.

Sounds like a policy in your network or your ISP is blocking you from establishing the VPN if it works over a different network. Check the policies on your router to make sure the security settings are not blocking VPN. What ISP do you use?

Could possibly be a DNS issue. When on your home network, see if you can look up the address your AnyConnect client is trying to connect to. Compare the lookup with what you get while on your mobile hotspot and confirm they’re the same.

How did you disable IPSEC ALG in the settings?

Did you ever figure this out? I am currently facing the same or similar issue while working with the AnyConnect VPN.

Check that your local PC / Windows firewall / any other 3rd-party AV firewall is not blocking the VPN application (AnyConnect) and ports (listed below).

Check the router isn’t blocking the VPN ports outbound.

Check with your ISP if they are blocking the VPN.

Can you tell us whether your work VPN is using SSL or IPsec?

The VPN ports:

SSL-VPN ports: TCP 443 (TLS same as web browsing) and UDP 443 (DTLS)

IPSec VPN ports: UDP/500 and UDP/4500.

In rare cases this can be an MTU issue. Your ISP adds stuff around packets to make your internet connection work. Your AnyConnect VPN will add more stuff on as well. It’s like putting on too many coats and then you can’t get out the door. Try lowering your MTU on your Windows PC. Leave the router the way it's set, but it's worth checking what it is set at.

You can test with this command:

ping -f -l 1490 8.8.8.8

Keep lowering the 1490 value until ping is responding.

Set the MTU in Windows:

netsh interface ipv4 set subinterface "Local Area Connection" mtu=1490 store=persistent

Reboot

Can you resolve your work VPN, or are you connecting just by IP?

nslookup vpn.work.com

telnet vpn.work.com 443 (for SSL VPN only, should show a blank screen if it connects)

Below is a small GUI tool from Microsoft that makes it easier to test ports:

https://www.microsoft.com/en-us/download/details.aspx?id=24009

For the destination, fill in your work VPN URL or IP (vpn.work.com).

Select manual ports, fill in 443 and click “Query”.

You should see “LISTENING” if it was able to connect.
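
The checks from the post above (DNS lookup, TCP 443, MTU probing) combined into one PowerShell script to save as a .ps1 file and run on both the home Wi-Fi and the hotspot. This is an added example, not part of the original thread: vpn.work.com is the thread's placeholder, the parameter and function names are made up here, and it assumes a standard 1500-byte Ethernet link and a ping target that answers ICMP echo.

```powershell
# Added example, not from the thread. Run in PowerShell on the Windows PC.
param(
    [string]$VpnHost    = 'vpn.work.com',  # placeholder name used in the thread
    [string]$PingTarget = '8.8.8.8'        # ICMP target used in the thread
)

# 1. DNS: run on home Wi-Fi and on the hotspot, then compare the addresses.
Resolve-DnsName -Name $VpnHost -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    ForEach-Object { "DNS: $($_.Name) -> $($_.IPAddress)" }

# 2. TCP/443 (TLS). This does not prove UDP/443, UDP/500 or UDP/4500 pass.
$tcp = Test-NetConnection -ComputerName $VpnHost -Port 443 -WarningAction SilentlyContinue
"TCP/443 reachable: $($tcp.TcpTestSucceeded)"

# 3. Path MTU: largest ICMP payload that gets a reply with Don't Fragment set.
function Test-DfPing {
    param([int]$Payload)
    # -f sets DF, -l is the ICMP payload size (not the MTU), -n 1 sends one probe.
    $out = & ping.exe -n 1 -w 1000 -f -l $Payload $PingTarget
    return (($out -join "`n") -match 'TTL=')   # only a real echo reply contains TTL=
}

if (-not (Test-DfPing -Payload 500)) {
    'ICMP echo is blocked or the target is down; MTU cannot be measured this way.'
    return
}

$good = 500     # known to pass (checked just above)
$bad  = 1473    # 1473 + 28 = 1501, cannot pass on a 1500-byte Ethernet link
while (($bad - $good) -gt 1) {
    $mid = [int][math]::Floor(($good + $bad) / 2)
    if (Test-DfPing -Payload $mid) { $good = $mid } else { $bad = $mid }
}

# IPv4 header (20 bytes) + ICMP header (8 bytes) ride on top of the payload.
"Largest unfragmented payload: $good bytes, path MTU: $($good + 28) bytes"
```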

Do you have the VPN module installed on other devices as well? Can you confirm that they’re hitting the same issue on this particular network?

The issue may be related to IPv6 compatibility. Try disabling IPv6 on your network adapter settings or in the router settings. Additionally, ensure that the AnyConnect VPN server address is correctly configured and that no firewall restrictions are blocking the VPN connection.

Thanks, I use Comcast.

It’s a click box in a router settings page. This answer solved my issue. Hallelujah

Yes, I had to disable IPSEC ALG on my modem/router.

I’m unsure if the VPN is using SSL or IPsec, but I will be calling the ISP shortly

The MTU setting on the headend would override the one configured at your network adapter. I guess that DTLS is in use, so the SSL VPN is using UDP, so MTU does not really bother the OP. It is possible that there’s a blocked UDP/443 somewhere along the path, but it should eventually fall back to non-DTLS TCP.
It would be beneficial if OP had provided some more information about what protocols they are using, but I guess he’s not really the one who takes care of VPN boxes.

I unfortunately do not have a VPN installed on any other devices to check.

This worked. Thank you!

Alright so I would definitely check your router security settings. Also, I would verify your work device has all the permissions it needs to connect to the VPN and that your IT department set it up properly. Have you been in contact with them about this?

Thank you, fixed mine as well.

I just got off a call with them, they seem to think it must be on my end. Either with the ISP blocking it or my router blocking it.