AnyConnect on Windows fails to connect to Cisco ASA but openconnect gui will connect

Daniel Lenski dlenski at gmail.com
Thu Aug 6 13:31:53 EDT 2020


On Wed, Aug 5, 2020 at 5:38 PM D. Scott Shepard <revdshepard at gmail.com> wrote:
> I realize this mailing list is for issues with Openconnect, but I've
> run out of other places to look.

Do keep in mind the "Motivation" section of the OpenConnect homepage:
https://www.infradead.org/openconnect. OpenConnect was written because
of frustration with AnyConnect :)

Many years after OpenConnect was written, I started
reverse-engineering the GlobalProtect protocol and then incorporating
it into OpenConnect
(https://lists.infradead.org/pipermail/openconnect-devel/2016-October/004010.html)
because the official GlobalProtect clients are 🤬 terrible in terms of
exposing and diagnosing what's going wrong when something goes wrong,
and OpenConnect is good at it.

> What is Openconnect doing differently than AnyConnect (especially on Windows 10)?

Not being stupid?

Only doing what it *says* it's doing?

A detailed CLI log with `-vvv --dump` will show you just about
everything that OpenConnect is sending and receiving from the server
during the authentication and tunnel setup. Might be useful to compare
this with a *server*-side log of a connection attempt with the
AnyConnect client.

> How can I fix it?

You're going to have to find some more detailed logging of the
connection, whether from the client side or on the server side. In my
(blessedly limited) experiences with the Cisco AnyConnect client
software on Windows… the security scanner is the most frequent culprit
for connection issues.

Dan


