Fiddler blocking Cisco AnyConnect VPN connection

5 posts, 0 answers
  1. Ron
    Ron avatar
    1 posts
    Member since:
    May 2018

    Posted 11 May Link to this post

    I had a user experience this issue. Fiddler was blocking Cisco AnyConnect VPN from running. When the user launched the Cisco AnyConnect client, the error showed as follows:

    "The VPN connection is not allowed via a local proxy. This can be changed through AnyConnect profile settings."

    The issue was Fiddler being set up to act as a system proxy on startup. To remedy this issue, open Fiddler, go into Tools > Options > Connections tab and uncheck 'Act as system proxy on startup' > click OK > exit and restart Fiddler. You should now be able to connect to Cisco AnyConnect.

    If you had Fiddler installed and uninstalled it but still get this error, reinstall Fiddler and follow the instructions above. Once you confirm that you can reconnect to Cisco AnyConnect VPN, uninstall it.

     

  2. Alexander
    Admin
    Alexander avatar
    336 posts

    Posted 14 May Link to this post

    Hi,

    This does not seem to be Fiddler-related issue, but rather AnyConnect's prohibition of usage of local proxy. If Fiddler is turned off there should not be any problem. Also, if Fiddler is uninstalled, it cannot cause the problem anymore, no need for reinstallation and unchecking the setting.

    Regards,
    Alexander
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. greg
    greg avatar
    3 posts
    Member since:
    Mar 2015

    Posted 07 Nov Link to this post

    I can confirm that AnyConnect does have issues once you enable https decryption with install interception certificates.  It doesn't always happen but when it does I immediately open fiddler, disable https and remove interception certificates and it works fine.  I suspect that Cisco posturing mode fails when it loads the required x509 certs.  

    To be clear; I may have had interception certificates installed from a day or two ago. I immediately startup Cisco AnyConnect on bootup and Fiddler is not running.  Once I fix my certs, I connect fine and I can immediately reinstall those interception certs and I'm good the rest of the day.

    Is there a way I can conditionally exclude certain certs from interception?

     

  4. greg
    greg avatar
    3 posts
    Member since:
    Mar 2015

    Posted 07 Nov in reply to greg Link to this post

    Here is the logs from AnyConnect; it'll keep failing and either report failure or over and ask for my credentials again.  I'm not sure what certificate it's attempting to use yet.

     

    11/7/2018
         7:00:43 PM    Ready to connect.
         7:00:44 PM    Automatically selected server: ****REDACTED****
         7:00:44 PM    Contacting ***REDACTED******.
         7:00:45 PM    No valid certificates available for authentication.
         7:00:46 PM    Posture Assessment: Required for access
         7:00:46 PM    Posture Assessment: Checking for updates...
         7:00:46 PM    Posture Assessment: Initiating...
         7:00:49 PM    Posture Assessment: Active
         7:00:49 PM    Posture Assessment: Initiating...
         7:04:19 PM    User credentials entered.
         7:04:19 PM    Hostscan is performing system scan
         7:04:20 PM    Hostscan is performing software scan
         7:04:26 PM    Hostscan state idle
         7:04:27 PM    Hostscan is waiting for the next scan
         7:05:27 PM    Hostscan is performing system scan
         7:05:28 PM    Hostscan is performing software scan
         7:05:34 PM    Hostscan state idle
         7:05:35 PM    Hostscan is waiting for the next scan
         7:06:35 PM    Hostscan is performing system scan
         7:06:36 PM    Hostscan is performing software scan
         7:06:42 PM    Hostscan state idle
         7:06:43 PM    Hostscan is waiting for the next scan
         7:07:44 PM    Hostscan is performing system scan
         7:07:44 PM    Hostscan is performing software scan
         7:07:51 PM    Hostscan state idle
         7:07:52 PM    Hostscan is waiting for the next scan
         7:08:52 PM    Hostscan is performing system scan
         7:08:53 PM    Hostscan is performing software scan
         7:08:59 PM    Hostscan state idle
         7:09:00 PM    Hostscan is waiting for the next scan
         7:10:00 PM    Hostscan is performing system scan
         7:10:01 PM    Hostscan is performing software scan
         7:10:07 PM    Hostscan state idle
         7:10:08 PM    Hostscan is waiting for the next scan
         7:11:09 PM    Hostscan is performing system scan
         7:11:09 PM    Hostscan is performing software scan
         7:11:15 PM    Hostscan state idle
         7:11:16 PM    Hostscan mission complete
         7:26:38 PM    Ready to connect.

  5. greg
    greg avatar
    3 posts
    Member since:
    Mar 2015

    Posted 07 Nov in reply to greg Link to this post

    Here is the logs from vpn; it'll keep failing and either report failure or over and ask for my credentials again.  I'm not sure what certificate it's attempting to use yet.

     

    11/7/2018<br>
         7:00:43 PM    Ready to connect.<br>
         7:00:44 PM    Automatically selected server: ****REDACTED****<br>
         7:00:44 PM    Contacting ***REDACTED******.<br>
         7:00:45 PM    No valid certificates available for authentication.<br>
         7:00:46 PM    Posture Assessment: Required for access<br>
         7:00:46 PM    Posture Assessment: Checking for updates...<br>
         7:00:46 PM    Posture Assessment: Initiating...<br>
         7:00:49 PM    Posture Assessment: Active<br>
         7:00:49 PM    Posture Assessment: Initiating...<br>
         7:04:19 PM    User credentials entered.<br>
         7:04:19 PM    Hostscan is performing system scan<br>
         7:04:20 PM    Hostscan is performing software scan<br>
         7:04:26 PM    Hostscan state idle<br>
         7:04:27 PM    Hostscan is waiting for the next scan<br>
         7:05:27 PM    Hostscan is performing system scan<br>
          7:07:51 PM    Hostscan state idle<br>
          7:11:16 PM    Hostscan mission complete<br>
         7:26:38 PM    Ready to connect.
Back to Top