Symptom
The ASA drops existing AnyConnect sessions and randomly stops accepting new AnyConnect sessions.
The customer uses certificate authentication.
While the issue is occurring, the ASA starts to drop existing AnyConnect sessions, and new connections fail with the following errors in the DART log.
1. Timeout errors
CURL error: 28 = Operation timed out after 30017 milliseconds with 0 out of 0 bytes received
Connection attempt has timed out. Please verify Internet connectivity.
2. No valid certificates available for authentication.
Conditions
AnyConnect VPN with certificate authentication, and an ASA trustpoint with OCSP enabled.
Workaround
Disable the OCSP check on the ASA trustpoint as shown below.
no revocation-check ocsp
Further Problem Description