There is a blacklist action that can be used in the role-based firewall. Can you check the role that your users are in? There may be a rule in that role that blacklists clients if they use the Anyconnect port (think that is 10000?). If that is, someone put that in intentionally as it is not a default setting.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 06, 2022 08:40 AM
From: Matt Loveland
Subject: Cisco Anyconnect causes VMC to shut down connection
Hello,
I was wondering if someone here could help me with a VPN issue I am having. Currently my network consist of a Aruba Access Point which connects to a Cisco ASA, which then connects to a cisco 9300, which is also connected to my mobility controller. My network is up and running and I am managing the Access Point just fine from the mobility controller. I can even join endpoints and they work just fine. However, whenever one of my endpoints starts a VPN using Cisco Anyconnect (built on the ASA), the mobility controller immediately ends the connection and puts the mac address of my endpoint into the blacklist.
Anybody know what settings I need to change in my mobility controller to stop it from blocking my VPN connection?
Thanks,
Matt
------------------------------
Matt Loveland
------------------------------