[AusNOG] Weird Cisco SSLVPN issues from what appears to be from Telstra 4G users

Jen Linkova furry13 at gmail.com
Fri Jun 28 15:06:02 EST 2019 

On Fri, Jun 28, 2019 at 10:59 AM Beeson, Ayden <abeeson at csu.edu.au> wrote:
>
> We are a Telstra 4G / Anyconnect SSL VPN shop and I haven't heard of any complaints for this issue. Are you using Anyconnect, or just using the clientless VPN?
>
> Are they 100% using the 4G connection and not accidentally on hotel / public Wi-Fi that might have a captive portal on it? I didn't think Anyconnect even had a portal detection feature, I've never seen one on any versions I have run.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html

> There might be a portal check feature if it does have one that is failing to reach your ASA/VPN termination gear, even though the actual connection is fine. I'm not aware of specifics around a mechanism if one exists so that’s speculation at best, but maybe ICMP reachability etc?

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html#anc9
As per doc, Anyconnect report the captive portal if after HTTPS
certificate failure  it gets unexpected HTTP code from the server.

>
> On 26/6/19, 1:18 pm, "AusNOG on behalf of Drikus Brits" <ausnog-bounces at lists.ausnog.net on behalf of drikusinaus at gmail.com> wrote:
>
>     Howdy,
>
>     Have anybody else picked up weird issues regarding SSLVPN connections.
>     We've had a bunch of customers complaining about getting popups
>     claiming that the user is behind a captive portal and needs to
>     authenticate/resolve connectivity issues first before the SSLVPN
>     software can connect.
>
>     a bit spread thing trying to locate the exact reason, but seems it is
>     very erratic with customers scattered.
>
>     cheers,
>
>     Drikus
>     Brennan IT
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net
>     http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog



-- 
SY, Jen Linkova aka Furry

More information about the AusNOG mailing list