[AusNOG] Weird Cisco SSLVPN issues from what appears to be from Telstra 4G users

Jen Linkova furry13 at gmail.com
Fri Jun 28 15:06:02 EST 2019

On Fri, Jun 28, 2019 at 10:59 AM Beeson, Ayden <abeeson at csu.edu.au> wrote:
> We are a Telstra 4G / Anyconnect SSL VPN shop and I haven't heard of any complaints for this issue. Are you using Anyconnect, or just using the clientless VPN?
> Are they 100% using the 4G connection and not accidentally on hotel / public Wi-Fi that might have a captive portal on it? I didn't think Anyconnect even had a portal detection feature, I've never seen one on any versions I have run.


> There might be a portal check feature if it does have one that is failing to reach your ASA/VPN termination gear, even though the actual connection is fine. I'm not aware of specifics around a mechanism if one exists so that’s speculation at best, but maybe ICMP reachability etc?

As per doc, Anyconnect report the captive portal if after HTTPS
certificate failure  it gets unexpected HTTP code from the server.

> On 26/6/19, 1:18 pm, "AusNOG on behalf of Drikus Brits" <ausnog-bounces at lists.ausnog.net on behalf of drikusinaus at gmail.com> wrote:
>     Howdy,
>     Have anybody else picked up weird issues regarding SSLVPN connections.
>     We've had a bunch of customers complaining about getting popups
>     claiming that the user is behind a captive portal and needs to
>     authenticate/resolve connectivity issues first before the SSLVPN
>     software can connect.
>     a bit spread thing trying to locate the exact reason, but seems it is
>     very erratic with customers scattered.
>     cheers,
>     Drikus
>     Brennan IT
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net
>     http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

SY, Jen Linkova aka Furry

More information about the AusNOG mailing list