Forum Discussion

ilazzari
Joining in
2 years ago

Hub 3 not allowing Cisco AnyConnect VPN traffic

We have recently switched to Cisco firewalls at work so now using AnyConnect client VPN. I cannot get it working for myself using my VM broadband. It just does not seem to find the firewall hostname despite being able to reach it by using Telnet on port 443. I can connect fine if I try via a mobile hotspot.

I can't find any settings relating to L2TP/IPsec/multicast passthrough in the router settings so I'm stumped.

Has anybody experienced this issue and found a fix?

Thanks

 

    • ilazzari
      Joining in

      Hi Alessandro. I have tried this but still not working.

  • Hi there ilazzari 

    Thank you so much for your post and welcome to the community forums, it's great to have you here. 

    I am so sorry that you have faced this issue with your service, to clarify, if the VPN is not active do you face any issues at all? 

    • ilazzari
      Joining in

      Hi Ashleigh. No. My service is solid. Only this VPN issue.

  • WalkerBoh
    On our wavelength

    Firstly, AnyConnect works over Virgin; I use it (over SSL).

    AnyConnect can use 443 (HTTPS/SSL) or L2TP/IPsec, depending on how your IT have configured it.

    You mention testing 443 and that it connects through, so I assume you are using this.

    Your IT should have supplied a URL. If you put this URL into a browser, it will take you to the AnyConnect page; depending on the configuration, if you put in your user and password it will allow you to download their AnyConnect package.

    If they have supplied an unconfigured package (msi), then when you first launch the client an address box will appear into which you can enter the hostname they supply to you. This is a one-hit thing; you can reset it by going into the correct directory and removing an xml file, though, if you have permission.

    • ilazzari
      Joining in

      Hi. I am the Systems Manager for our company and we have just replaced our Juniper firewall with Cisco and yes we are using SSL (after not being able to configure IPSEC due to Win11 compatibility issues!) All of the configuration is correct as I can connect to the VPN if I use my mobile hotspot. 

  • Adduxi
    Very Insightful Person

    I would also manually set the DNS on your device to Cloudflare, OpenDNS, Google etc. This will bypass any Websafe/Childsafe filtering on the VM DNS servers that can also interfere with VPNs.

    • WalkerBoh
      On our wavelength

      Yes, this is a good shout. Also, if VM DNS blocks unclassified sites, which your new VPN connection is very likely going to be, this will also not work. Setting your DNS manually on the work device as per above will work around this.

  • Client62
    Alessandro Volta

    We have a Hub 3 in Router mode. I've used many office VPNs without any issues.

    As a test to rule out the Hub 3's NAT / Firewall, try the VM Hub in Modem mode with just the work laptop connected via a network cable.


    • ilazzari
      Joining in

      Hi. I have the Hub 3 in modem mode and this hasn't made any difference. When you say "many office VPNs" do these include Cisco AnyConnect?

      My previous NCP client connecting through our old Juniper firewall worked fine, but I'm having trouble with Cisco specifically.

      Thanks

  • Client62
    Alessandro Volta

    I have used Cisco AnyConnect via the Hub 3 in Router mode on an office laptop supplied by a bank.

  • Update, I have tried this with another user who has Virgin Broadband at home and the same thing is happening. So it is happening with me whilst in modem mode and another user whilst in router mode.

    Has anybody heard any official line from Virgin about this?

    • Matthew_ML
      Forum Team

      Hey ilazzari, thank you for reaching out and I am sorry to hear this.

      We wouldn't block any VPN or anything like this, has any of the advice here helped at all? 

      Have you checked to see if any firewalls are blocked on your side? 

  • fibreking
    On our wavelength

    A few thoughts in case you haven’t tried these.

     

    Breaking down the problem.

     

    Possible VM firewalling upstream- have you tried turning off parental controls etc in the VM online account? 

    DNS not resolving - rule out by temporarily replacing the host name with the IP address.

    NAT / router forwarding. Sure it’s not using multiple ports and that they are all forwarded? Temporarily stick the client in the DMZ and forward all TCP & UDP ports.
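
The DNS checks suggested in this thread (try other resolvers, rule out name resolution), sketched as a PowerShell script for the Windows client. This is an added example, not part of any poster's reply; `vpn.example.com` is a placeholder for the hostname your IT team supplied.

```powershell
# Added example: compare DNS answers for the VPN hostname across resolvers,
# then test TCP 443 to every address that came back.
# vpn.example.com is a placeholder, not a value from the thread.
param(
    [string]$VpnHost = 'vpn.example.com'
)

# $null means "whatever resolver the adapter currently uses" (Hub / ISP DNS).
$resolvers = [ordered]@{
    'Adapter default' = $null
    'Cloudflare'      = '1.1.1.1'
    'Google'          = '8.8.8.8'
    'OpenDNS'         = '208.67.222.222'
}

$results = foreach ($name in $resolvers.Keys) {
    $query = @{ Name = $VpnHost; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($resolvers[$name]) { $query.Server = $resolvers[$name] }
    try {
        # Keep only A records; CNAME records in the answer carry no IPAddress.
        $ips = @(Resolve-DnsName @query |
                 Where-Object { $_.Type -eq 'A' } |
                 Select-Object -ExpandProperty IPAddress)
        $status = if ($ips.Count) { 'OK' } else { 'No A record' }
    } catch {
        $ips = @()
        $status = $_.Exception.Message   # e.g. name does not exist, timeout
    }
    [pscustomobject]@{
        Resolver  = $name
        Status    = $status
        Addresses = ($ips | Sort-Object) -join ', '
    }
}
$results | Format-Table -AutoSize -Wrap

# Differing or missing answers from one resolver point at DNS filtering.
$answers = @($results | Where-Object Status -eq 'OK' |
             ForEach-Object Addresses | Sort-Object -Unique)
if ($answers.Count -gt 1) {
    Write-Warning "Resolvers disagree on $VpnHost; compare with the address IT expects."
}

# Reachability by IP takes name resolution out of the picture.
$allIps = $results.Addresses -split ', ' | Where-Object { $_ } | Sort-Object -Unique
foreach ($ip in $allIps) {
    $open = Test-NetConnection -ComputerName $ip -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
    '{0,-15} tcp/443 reachable: {1}' -f $ip, $open
}
```

If the adapter's default resolver fails or returns a different address while the public resolvers agree, DNS filtering is the likely culprit; if every resolver agrees and tcp/443 is reachable, the cause lies elsewhere.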

  • Client62
    Alessandro Volta

    The original thought was ... "It just does not seem to find the firewall hostname"

    Consider the flip side of this ... Is the firewall blocking / dropping traffic from the VM network?