But could not find the Cisco AnyConnect secure mobility client connection. Here’s the message ffrom the the cisco anyconnect client ver 4.3.03xxx on Windows10 11:47:31 PM Contacting xxx country 11:47:32 PM Posture Assessment: Required for access 11:47:32 PM Posture Assessment: Checking for updates 11:47:33 PM Posture Assessment. The fix is quite simple actually, go to Network Connections from Control Panel, right-click Cisco AnyConnect Security Mobility Client Connection, and choose Properties. Then disable IPv6, change IPv4 IP settings from Fixed IP to Dynamic. Close all Network Properties dialog boxes, and try VPN connecting again. It should go through fine now.
My company provides me with a Windows 10 based Laptop and the Cisco AnyConnect client in order to connect to Corporate facilities such as Email, Intranet and Business Apps. I’d recently uplifted my version of Win10 to 1709 (Corp allows both SCCM WSUS and Microsoft online updating and I’m allowed local device admin rights) and noticed that the AnyConnect client would always Connect then Reconnect and Reconnect again which was annoying, especially as I’ll only VPN in when at home or working at a client side.
Googling around suggested that IPv6 was the issue but disabling that in the Virtual Network Adapter that AnyConnect sets up didn’t change the behaviour. No other ideas sprang to mind so I re-ran the connect scenario as it was reproducible at the same time capturing a network trace with Wireshark. I also generated the AnyConnect client diagnostics using the ‘DART’ tool. Then settled down for an hour to run a side-by-side comparison. It looks like AnyConnect enumerates all the physical network interfaces, sets up it’s connection to the Secure Gateway (ie. VPN Server appliance) then later on finds another physical network interface which causes the entire configuration to be torn done and the VPN connection reestablished – twice.
The new physical interface was a vSwitch but one that had IP addresses allocated from the pool handed out by the Secure Gateway which was odd as that suggested it was AnyConnect’s own configuration causing the behaviour. It did however make me recall that I have client Hyper-V enabled and by default a vSwitch is created for my Hyper-V based VM. I disabled the client Hyper-V feature and now no longer get the 3-connect scenario.
Yay – success, but then I’m struggling to remember whether this was an issue with the 1703 build of Win10 as that was when I first enabled client Hyper-V. I don’t think so as it was annoying enough for me to diagnose, so I would have done so in the 1703 timeframe. Now it’s a call on which I want more – a quiet VPN connect or client Hyper-V? As I have an MSDN subscription and can create VM’s to my heart’s content in Azure I’m going with quiet VPN…
Microsoft Windows 10 1703 Build 16299.64
Cisco AnyConnect Secure Mobility Client 4.3.04027
Cisco Anyconnect Windows 10 Install
Laters,
Matt