NimbostratusI am trying to offload SSL connections (Anyconnect and clientless) to F5 LTM and then (re-encrypt and) pass through to available VPN gateway (Cisco 5520).
This works but the AnyConnect client will continuously disconnect and reconnect every second and not pass any traffic.
Has anyone observed (and resolved) this behaviour?
TAC also logged with Cisco for this.
Thanks, Dan
NimbostratusNimbostratusSolution was related to fragmentation between the F5 and Cisco ASA.
Cirrostratus
NimbostratusHi , could you please tell what was the solution. i'm having the same problem.
NimbostratusI ran into the same problem with a similar deployment (LTM performing client-ssl & server-ssl before forwarding traffic to an ASA 5580). The ASA firewall is running v9.1.4 & AnyConnect v3, and I found the following link that describes the problem:
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116881-technote-anyconnect-00.html
I tried using the workaround on the firewall as outlined in the link above, but none of them work for me. Finally, to fix this issue, I created another virtual server which load balances DTLS (UDP 443) to the ASA firewall, and the AnyConnect issues disappear.