Some clients received a “connection attempt has timed out” error when attempting to connect to Cisco VPN. Incident Description and Resolution IS&T teams have investigated the issue and found that most issues seem to self resolve. The Connection Has Timed Out - How To Fix It Tutorial.A server connection timeout means that a server is taking too long to reply to a data request made f. When I try to logon I simply get 'Network error: Connection Timed Out'.is there any resolution to this problem? Is suggested above, first check any other SSH client to find out if it is connection problem or problem of WinSCP. You may even try any simple TCP/IP client to connect to the server and port 22. The Connection Has Timed Out - How To Fix It Tutorial.A server connection timeout means that a server is taking too long to reply to a data request made f.
Table Of Contents
VPN Troubleshooting
Cisco SDM can troubleshoot VPN connections that you have configured. Cisco SDM reports the success or failure of the connection tests, and when tests have failed, recommends actions that you can take to correct connection problems.
The following link provides information on VPN troubleshooting using the CLI.
VPN Troubleshooting
This window appear when you are troubleshooting a site-to-site VPN, a GRE over IPSec tunnel, an Easy VPN remote connection, or an Easy VPN server connection.
Note VPN Troubleshooting will not troubleshoot more than two peers for site-to-site VPN, GRE over IPsec, or Easy VPN client connections.
Tunnel Details
This box provides the VPN tunnel details.
Interface
Interface to which the VPN tunnel is configured.
Peer
The IP address or host name of the devices at the other end of the VPN connection.
Summary
Click this button if you want to view the summarized troubleshooting information.
Details
Click this button if you want to view the detailed troubleshooting information.
Activity
This column displays the troubleshooting activities.
Why Is The Cisco AnyConnect Client Connection Attempt ...
Status
Displays the status of each troubleshooting activity by the following icons and text alerts:
The connection is up. |
The connection is down. |
Test is successful. |
Test failed. |
Failure Reason(s)
This box provides the possible reason(s) for the VPN tunnel failure.
Recommended action(s)
This box provides a possible action/solution to rectify the problem.
Close Button
Click this button to close the window.
Test Specific Client Button
This button is enabled if you are testing connections for an Easy VPN server configured on the router. Click this button and specify the client to which you want to test connectivity.
This button is disabled in the following circumstances:
•The Basic testing is not done or has not completed successfully.
•The IOS image does not support the required debugging commands.
•The view used to launch Cisco SDM does not have root privileges.
What Do You Want to Do?
Do this: | |
---|---|
Troubleshoot the VPN connection. | Click Start button. When test is running, Start button label will change to Stop. You have option to abort the troubleshooting while test is in progress. |
Save the test report. | Click Save Report button to save the test report in HTML format. This button is disabled when the test is in progress. |
VPN Troubleshooting: Specify Easy VPN Client
This window allows you to specify the Easy VPN client which you want to debug.
IP Address
Enter IP address of Easy VPN client you want to debug.
Listen for request for X minutes
Enter the time duration for which Easy VPN Server has to listen to requests from Easy VPN client.
Continue Button
After selecting the traffic generation type you want, click this button to continue testing.
Close Button
Click this button to close the window.
VPN Troubleshooting: Generate Traffic
This window allows you to generate site-to-site VPN or Easy VPN traffic for debugging. You can allow Cisco SDM to generate VPN traffic or you can generate VPN traffic yourself.
VPN traffic on this connection is defined as
This area lists current VPN traffic on the interface.
Action
This column denotes whether the type of traffic is allowed in the interface.
Source
Source IP address.
Destination
Destination IP address.
Service
This column lists the type of traffic on the interface.
Log
This column indicates whether logging is enabled for this traffic.
Attributes
Any additional attributes defined.
Have SDM generate VPN Traffic
Select this option if you want Cisco SDM to generate VPN traffic on the interface for debugging.
Note Cisco SDM will not generate VPN traffic when the VPN tunnel traffic is from non-IP based Access Control List (ACL) or when the applied and current CLI View is not root view.
Enter the IP address of a host in the source network
Enter the host IP address in the source network.
Enter the IP address of a host in the destination network
Enter the host IP address in the destination network.
I will generate VPN traffic from the source network
Select this option if you want to generate VPN traffic from the source network.
Wait interval time
Enter the amount of time in seconds that the Easy VPN Server is to wait for you to generate source traffic. Be sure to give yourself enough time to switch to other systems to generate traffic.
Continue Button
After selecting the traffic generation type you want, click this button to continue testing.
Close Button
Click this button to close the window.
VPN Troubleshooting: Generate GRE Traffic
This screen appears if you are generating GRE over IPSec traffic.
Have SDM generate VPN Traffic
Select this option if you want Cisco SDM to generate VPN traffic on the interface for debugging.
Enter the remote tunnel IP address
Enter the IP address of the remote GRE tunnel. Do not use the address of the remote interface.
I will generate VPN traffic from the source network
Select this option if you want to generate VPN traffic from the source network.
Wait interval time
Enter the amount of time in seconds that the Easy VPN Server is to wait for you to generate source traffic. Be sure to give yourself enough time to switch to other systems to generate traffic.
Continue Button
After selecting the traffic generation type you want, click this button to continue testing.
Close Button
Click this button to close the window.
Cisco SDM Warning: SDM will enable router debugs...
This window appears when Cisco SDM is ready to begin advanced troubleshooting. Advanced troubleshooting involves delivering debug commands to the router waiting for results to report, and then removing the debug commands so that router performance is not further affected.
This message is displayed because this process can take several minutes and may affect router performance.
Objective
The objective of this document is to show you basic troubleshooting steps on some common errors on the Cisco AnyConnect Secure Mobility Client. When installing the Cisco AnyConnect Secure Mobility Client, errors may occur and troubleshooting may be needed for a successful setup.
Note that the errors discussed in this document is not an exhaustive list and varies with the configuration of the device used.
For additional information on AnyConnect licensing on the RV340 series routers, check out the article AnyConnect Licensing for the RV340 Series Routers.
Software Version
- AnyConnect v4.x (Link to download)
Basic Troubleshooting on Cisco AnyConnect Secure Mobility Client Errors
Note: Before attempting to troubleshoot, it is recommended to gather some important information first about your system that might be needed during the troubleshooting process. To learn how, click here.
1. Problem: Network Access Manager fails to recognize your wired adapter.
Solution: Try unplugging your network cable and reinserting it. If this does not work, you may have a link issue. The Network Access Manager may not be able to determine the correct link state of your adapter. Check the Connection Properties of your Network Interface Card (NIC) driver. You may have a 'Wait for Link' option in the Advanced Panel. When the setting is On, the wired NIC driver initialization code waits for auto negotiation to complete and then determines if a link is present.
2. Problem: When AnyConnect attempts to establish a connection, it authenticates successfully and builds the Secure Socket Layer (SSL)session, but then the AnyConnect client crashes in the vpndownloader if using Label-Switched Path (LSP) or NOD32 Antivirus.
Solution: Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.
3. Problem: If you are using an AT&T Dialer, the client operating system sometimes experiences a blue screen, which causes the creation of a mini dump file.
Solution: Upgrade to the latest 7.6.2 AT&T Global Network Client.
4. Problem: When using McAfee Firewall 5, a User Datagram Protocol (UDP)Datagram Transport Layer Security (DTLS) connection cannot be established.
Solution: In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.
5. Problem: The connection fails due to lack of credentials.
Solution: The third-party load balancer has no insight into the load on the Adaptive Security Appliance (ASA) devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, using the internal ASA load balancing instead is recommended.
6. Problem: The AnyConnect client fails to download and produces the following error message:
Solution: Upload the patch update to version 1.2.1.38 to resolve all dll issues.
Cisco Vpn Connection Attempt Has Timed Out
7. Problem: If you are using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.
Solution: Disable the Bonjour Printing Service by typing net stop “bonjour service” at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.
8. Problem: An error indicates that the version of TUN or network tunnel is already installed on this system and is incompatible with the AnyConnect client.
Solution: Uninstall the Viscosity OpenVPN Client.
9. Problem: If a Label-Switched Path (LSP) module is present on the client, a Winsock catalog conflict may occur.
Solution: Uninstall the LSP module.
10. Problem: If you are connecting with a Digital Subscriber Line (DSL) router, DTLS traffic may fail even if successfully negotiated.
Solution: Connect to a Linksys router with factory settings. This setting allows a stable DTLS session and no interruption in pings. Add a rule to allow DTLS return traffic.
11. Problem: When using AnyConnect on some Virtual Machine Network Service devices, performance issues have resulted.
Solution: Uncheck the binding for all IM devices within the AnyConnect virtual adapter. The application dsagent.exe resides in C:WindowsSystemdgagent. Although it does not appear in the process list, you can see it by opening sockets with TCPview (sysinternals). When you terminate this process, normal operation of AnyConnect returns.
12. Problem: You receive an “Unable to Proceed, Cannot Connect to the VPN Service” message. The VPN service for AnyConnect is not running.
Solution: Determine if another application conflicted with the service by going to the Windows Administration Tools then make sure that the Cisco AnyConnect VPN Agent is not running. If it is running and the error message still appears, another VPN application on the workstation may need to be disabled or even uninstalled. After taking that action, reboot, and repeat this step.
13. Problem: When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED. The following message appears:
Solution: Uninstall Kaspersky and refer to their forums for additional updates.
14. Problem: If you are using Routing and Remote Access Service (RRAS), the following termination error is returned to the event log when AnyConnect attempts to establish a connection to the host device:
Solution: Disable the RRAS service.
15. Problem: If you are using a EVDO wireless card and Venturi driver while a client disconnect occurred, the event log reports the following:
Solutions:
- Check the Application, System, and AnyConnect event logs for a relating disconnect event and determine if a NIC card reset was applied at the same time.
- Ensure that the Venturi driver is up to date. Disable Use Rules Engine in the 6.7 version of the AT&T Communications Manager.
If you encounter other errors, contact the support center for your device.
For further information and community discussion on AnyConnect licensing updates, click here.
For AnyConnect Licensing FAQs, click here.