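Recently, while using SSL ***, the connection would always reconnect once about 1 to 1.5 minutes after connecting. I opened a case with Cisco, and the conclusion was an MTU mismatch. After the change was made, everything worked normally.
The analysis is as follows:
From the DART file, we can see the following: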
Date : 02/02/2018
Time : 13:49:08
Type : Warning
Source : ac***agent
Description : Reconfigure reason code 16:
New MTU configuration.

Date : 02/02/2018
Time : 13:49:08
Type : Information
Source : ac***agent
Description : The entire *** connection is being reconfigured.

Date : 02/02/2018
Time : 13:49:08
Type : Warning
Source : ac***agent
Description : A new MTU needs to be applied to the *** network interface. Disabling and re-enabling the Virtual Adapter. Applications utilizing the private network may need to be restarted.
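To check a DART export for this symptom, the following added example (not from the original post or from Cisco) parses event records laid out like the excerpt above and reports each "Reconfigure reason code 16" event, along with whether the virtual adapter was reset at the same timestamp. The function names are assumptions, and the sample records are copied from the excerpt as it appears on this page.

```python
import re

# Sample records copied from the DART excerpt on this page (Source appears masked there).
SAMPLE = """\
Date : 02/02/2018
Time : 13:49:08
Type : Warning
Source : ac***agent
Description : Reconfigure reason code 16:
New MTU configuration.
Date : 02/02/2018
Time : 13:49:08
Type : Information
Source : ac***agent
Description : The entire *** connection is being reconfigured.
Date : 02/02/2018
Time : 13:49:08
Type : Warning
Source : ac***agent
Description : A new MTU needs to be applied to the *** network interface. Disabling and re-enabling the Virtual Adapter. Applications utilizing the private network may need to be restarted.
"""

FIELD = re.compile(r"^(Date|Time|Type|Source|Description)\s*:\s*(.*)$")

def parse_events(text):
    events, last = [], None
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if m and m.group(1) == "Date":  # a Date line opens a new record
            events.append({"Date": m.group(2)})
            last = "Date"
        elif events and m and m.group(1) not in events[-1]:
            last = m.group(1)
            events[-1][last] = m.group(2)
        elif events and line and last == "Description":  # wrapped description text
            events[-1]["Description"] += " " + line
    return events

def mtu_reconfigures(events):
    hits = []  # (date, time, adapter_reset) per reason-code-16 record
    for ev in events:
        if re.search(r"Reconfigure reason code 16\b", ev.get("Description", "")):
            stamp = (ev["Date"], ev.get("Time"))
            same = [e for e in events if (e["Date"], e.get("Time")) == stamp]
            reset = any("Virtual Adapter" in e.get("Description", "") for e in same)
            hits.append(stamp + (reset,))
    return hits

if __name__ == "__main__":
    print(mtu_reconfigures(parse_events(SAMPLE)))
```

Repeated hits spaced a minute or so apart in a longer log would match the reconnect pattern described at the top of the post.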
The solution is as follows:
1. Set the MTU in the related group-policy
2. Allow fragmentation under the related group-policy
Sample configuration:
group-policy ac_users_group attributes
 web***
  anyconnect mtu 1300
group-policy ac_users_group attributes
 web***
  anyconnect ssl df-bit-ignore enable