Cisco AnyConnect VPN won’t connect!

Seeking help, please! On Wednesday (4/10/2024), I could [remotely] connect to my company’s network via VPN. The very next day, Thursday morning (4/11/2024), cannot connect to [for example only] Remote.Google.com. The Cisco error message states, “Connection attempt has timed out. Please verify internet connectivity.”

Except, I have connectivity (via hardwire and/or wifi) and can connect to any website, except for: remote.[insert_company_name].com

Running UDM Pro and UniFi OS 3.2.12 and System Logs don’t indicate any updates. Even tried a restore using 4/09/2024 backup config. Last, I created an Allow Rule for the laptop’s local IP (e.g., 192.168.1.100), which is on my Default Network, to access google.com, remote.google.com, corp.google.com, etcetera. Still, no luck!

However, when I tether to my iPhone for cellular, it works perfectly (so my I.T. “Help” Desk points the finger at my network config., of course). I cannot be alone. Please help if anyone thinks of anything.


I am having similar issues with a UXG-Max and support cannot figure it out. It is very frustrating.

Try rebooting your ISP hardware or fiber jack if you haven’t yet.

Edit to add: Do this on the PC. File is C:\windows\system32\drivers\hosts. Open the file with notepad as admin.

Create a host file entry for your company’s domain name and the IP address of your company’s DNS server. Had this issue when using Verizon hotspots. Your home Internet provider is jacking with DNS.

Some VPNs don’t allow transparent firewall traversal by policy.

Maybe someone turned it on.

Here are some things you can try if Cisco AnyConnect won’t connect to a corporate VPN:

- Update Cisco AnyConnect: Make sure you have the latest version of Cisco AnyConnect

- Check your AnyConnect Networks adapter: Make sure the IPv6 protocol is unchecked

- Disable or uncheck “NpCap Packet Driver”: If you have nmap (zenmap GUI) for Windows, this driver may be adding to the network interfaces

- Change the Wait prior credential value: Go to the properties of your Cisco AnyConnect VPN Client entry, under Connection – General, and change the value to match the time it takes to fully load your VPN

- Disable or uninstall another VPN application: If you receive an “Unable to Proceed, Cannot Connect to the VPN Service” message, another application may be conflicting with the service

- Ensure only one user is logged into Windows: AnyConnect tries to enforce that only a single user is logged into Windows.

I had the same issue once, for some reason, factory resetting helped.
I had tried disabling ad block, security and all sorts of things I could come up with, nothing worked.

What are you using for DNS? Did it get blacklisted? PiHole did that to me once.

Try just using your ISP’s DNS servers. Does nslookup return the IP address of your company VPN.company.com properly or does it time out?

Done & Done. Thank you for your input, however

I sincerely appreciate the feedback! This is likely way over the head of my company’s help desk, and unfortunately, they don’t give us ‘admin’ access - but I’ll certainly plead my case. Thank you again.

Thank you for your input. Sincerely appreciated!

Cloudflare and Google, or 1.1.1.1 and 8.8.8.8

Disabled Ad Blocking in UniFi settings.

Not using PiHole or AdGuard.

Thank you for your input, sincerely appreciated.

Used Website to IP Lookup to find the IP address of “remote.insert_company_name.com” and it still didn’t work.

Goal was to bypass DNS and merely use the IP instead.

Also ‘flushed’ dns using Command Prompt, too.

Using command line, nslookup returns the correct IP address for “remote.company.com”.

Thank you again!

Np, worth a shot. One of our clients has an old ASA 5506 and we set up RA for about 125 users using the AnyConnect client. 99% of the time, for any tickets we get similar to this, a quick reboot of the ISP hardware resolves it.

I just thought of this one last night. Make sure IPv6 is turned off/disabled wherever you don’t need it.

Ok, the nslookup on the PC you’re using returns the proper IP address? Then it should work. Make sure you don’t have some available silly special characters or spaces in your VPN client config.

Agreed, it “should” work. And, using other devices on my local network, I downloaded Cisco AnyConnect, and was able to connect to Remote.Company.com as the website responded asking for my credentials.

So correct me if I am misunderstanding… from another device on your network, you can connect just fine, but from this device, you cannot… is that correct?

If so, you have eliminated the router and NAT traversal as the potential issue.
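The isolation steps discussed in this thread (does the name resolve, and does the gateway answer on each resolved address, IPv4 and IPv6 separately) can be scripted; the following is an added example, not something posted by any commenter. The function name `probe`, TCP port 443 and the placeholder host `remote.company.com` are assumptions.

```python
import socket

def probe(host, port=443, timeout=5.0, resolver=socket.getaddrinfo):
    """Report which stage of reaching host:port fails: DNS or the TCP path."""
    try:
        # Stage 1: name resolution (A and AAAA records, plus any hosts-file entry).
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"verdict": "dns_failed", "addresses": {}, "detail": str(exc)}

    # Stage 2: TCP connect to every resolved address, so an IPv6 address that
    # fails is reported separately from an IPv4 address that works.
    addresses = {}
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            state = "open"          # path is fine; look at the client instead
        except socket.timeout:
            state = "timeout"       # packets silently dropped somewhere on the path
        except ConnectionRefusedError:
            state = "refused"       # host reachable, nothing listening on the port
        except OSError:
            state = "unreachable"   # no route, or address family not usable
        addresses[sockaddr[0]] = state

    states = set(addresses.values())
    if states == {"open"}:
        verdict = "path_ok"
    elif "open" in states:
        verdict = "partial"         # e.g. IPv4 answers while IPv6 does not
    else:
        verdict = "no_path"
    return {"verdict": verdict, "addresses": addresses, "detail": ""}

if __name__ == "__main__":
    # Placeholder host name; substitute the real VPN gateway.
    print(probe("remote.company.com"))
```

Running it once on the home network and once while tethered shows whether the difference is in resolution or in the TCP path.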