香港中文大学（深圳）

Cisco AnyConnect VPN

故障处理参考指南

Troubleshoot Reference Guide

1

目录 Table of Contents

1. 确保软件版本号升级到最新的 4.8。 Make sure the software is upgraded to the latest 4.8 version. ...................................................................................................................................... 3

2. AnyConnect 客户端输入域名为 vpn.cuhk.edu.cn。Enter the domain name as vpn.cuhk.edu.cn. ........................................................................................................................... 4

3. 确保客户端可以正常解析域名 vpn.cuhk.edu.cn, 且到服务器网络连接正常。Make sure that the client can resolve the domain name vpn.cuhk.edu.cn normally, and the network connection to the server is normal. ............................................................................................. 4

4. 域名无法正常解析时，如何连接 VPN？How to connect VPN when domain name cannot be resolved normally? ...................................................................................................... 5

5. 在中国大陆之外的地区连接 VPN, 可以选用 vpnhk.cuhk.edu.cn 连接。To connect to VPN outside the mainland China, you can enter vpnhk.cuhk.edu.cn to connect. .............. 6

6. Anyconnect 连接成功之后，不能正常上网？Still can't get online normally after Anyconnect is connected successfully? ...................................................................................... 7

7. VPN 的速度受公网网速影响大，可以通过 10.10.10.10 测速。The speed of VPN is greatly affected by the speed of the public network, and it can be measured by 10.10.10.10. ...................................................................................................................................... 8

8. AnyConnect 不支持在远程桌面时连接。 AnyConnect does not support remote desktop. ........................................................................................................................................... 8

9. AnyConnect 仅支持一个账号登录当前操作系统。AnyConnect supports only one account to log in to the current operating system. ................................................................... 9

10. Windows 系统报错“the VPN service is not available, Exiting”。Windows system reports "the VPN service is not available, Exiting". .................................................................. 9

11. AnyConnect 连接成功之后反复中断。AnyConnect is interrupted repeatedly after successful connection. ................................................................................................................. 10

12. AnyConnect 支持的操作系统版本。System Requirements of AnyConnect ................. 10

AnyConnect Support for Microsoft Windows ........................................................ 11

AnyConnect Support for Linux ................................................................................. 11

AnyConnect (Versions 4.8 and above) Support for Mac OS X (Catalina) ........... 12

13. AnyConnect 卸载。AnyConnect uninstall. ....................................................................... 12

14. 教职工连接 VPN 之后，图书馆资源无法使用？Library resources cannnot be accessed after faculty connected to the VPN? ......................................................................................... 13

2

15. 教职工连接 VPN 之后，国内网页，微信无法正常使用？After the faculty members connect to the VPN, the domestic webpages and WeChat cannot be used normally? ..... 14

16. 部分硬件不支持 AnyConnect。 For Hardware does not support AnyConnect........... 14

3

1. 确保软件版本号升级到最新的 4.8。 Make sure the software is upgraded to the latest 4.8 version. 打开 AnyConnect 客户端，点击下图红色框，查找 AnyConnect 软件版

本。Open the AnyConnect client and click the button showed as below to find the AnyConnect software version.

4

2. AnyConnect 客户端输入域名为 vpn.cuhk.edu.cn。Enter the domain name as vpn.cuhk.edu.cn.

3. 确保客户端可以正常解析域名 vpn.cuhk.edu.cn, 且到服务器网

络连接正常。Make sure that the client can resolve the domain name vpn.cuhk.edu.cn normally, and the network connection to the server is normal. 打开系统的命令行 ，如下图所示：输入 nslookup vpn.cuhk.edu.cn。校内解析的

地址如红框 10.20.220.176 ，校外地址是 116.31.95.20。获取到解析 IP 地址说明

DNS 配置正常；输入 ping 116.31.95.20，返回正常说明网络连接正常。 Open the system's command line, as shown below: Enter nslookup vpn.cuhk.edu.cn. The resolved address in the campus should be 10.20.220.176, and the address outside campus will be 116.31.95.20. Obtaining the resolved IP address indicates that the DNS configuration is normal. Enter ping 116.31.95.20 and return to normal, indicating that the network connection is normal.

5

4. 域名无法正常解析时，如何连接 VPN？How to connect VPN when domain name cannot be resolved normally?

在第三步如果 nslookup vpn.cuhk.edu.cn 没有 IP 地址，说明客户端的 DNS 设置不正

确或者有其他代理。方法一：调整 DNS 或者关闭代理；方法二：采用 ip 地址访问

VPN（不推荐）。如下图所示：去掉 block connections to untrusted servers 的勾。

输入 https://116.31.95.20:443（校外）https://10.20.220.176:443(校内)

In the third step, if you enter nslookup vpn.cuhk.edu.cn, it does not come out an IP address. It means the DNS settings of the client are incorrect or there are other proxy. Method 1: Adjust DNS or disable proxy; Method 2: Use IP address to access VPN (not recommended). As shown in the figure below: Remove the check for block connections to untrusted servers. Enter https://116.31.95.20:443 (off-campus) https://10.20.220.176:443 (on-campus)

6

5. 在中国大陆之外的地区连接 VPN, 可以选用 vpnhk.cuhk.edu.cn连接。To connect to VPN outside the mainland China, you can enter vpnhk.cuhk.edu.cn to connect.

在中国大陆之外的地区，如果连接 VPN 速度慢，可以选用 vpnhk.cuhk.edu.cn 加速

VPN 连接。If you are outside of the mainland China, you can use vpnhk.cuhk.edu.cn to speed up the VPN connection when the connection speed is slow.

7

6. Anyconnect 连接成功之后，不能正常上网？Still can't get online normally after Anyconnect is connected successfully?

• 用域名 vpn.cuhk.edu.cn 或者 IP 地址登录成功之后，如果不能打开网页或

者上网，请先查看 VPN 分配的内网 IP 地址是否正确。如果能够正常获取

IP 地址，说明 Anyconnect 登录成功并且建立 VPN 隧道。如果不能获取内

网 IP 地址，说明 VPN 隧道建立不成功，请联系 ITSO 协助解决。 • After successfully logging in with the domain name vpn.cuhk.edu.cn or

IP address, if you still cannot open the webpage or access the Internet. First, please check whether the internal IP address assigned by the VPN is correct or not. If the IP address can be obtained normally, which means the Anyconnect login is successful and the VPN tunnel is established. If the internal network IP address cannot be obtained, it indicates that the VPN tunnel is not established successfully. Please contact ITSO for assistance.

• 在获取内网 IP 的前提下，如果不能正常访问网页，可以在浏览器输入

10.10.9.31，如果能正常打开，说明网络层是通的，请检查终端是否有其他

代理或者 VPN，并关闭代理和其他 VPN. • After intranet IP is obtained, if you still cannot access the webpage

normally, you can enter 10.10.9.31 in the browser. If it can be opened normally, it means the network layer is accessible. Please check if the terminal has another proxy or VPN. And make sure that you have closed the proxy And other VPNs.

8

7. VPN 的速度受公网网速影响大，可以通过 10.10.10.10 测速。

The speed of VPN is greatly affected by the speed of the public network, and it can be measured by 10.10.10.10.

https://nt-r.cuhk.edu.cn/testspeed 用来测试内网速度，受公网和出口带宽限制，上传和

下载速度通常在 20Mbit/s。

https://nt-r.cuhk.edu.cn/testspeed can be used to test the internal network speed. Due to the limitation of the public network and egress bandwidth, the upload and download speed is usually 20Mbit / s.

8. AnyConnect 不支持在远程桌面时连接。 AnyConnect does not support remote desktop. 当远程桌面连接时，Cisco VPN 连接可能不支持。报错如下

Cisco VPN connection may not be supported when Remote Desktop is connected. The error message showed as follows:

Error: "Secure VPN via remote desktop is not supported"

Users are unable to perform a remote desktop access. The Secure VPN via remote

desktop is not supported error message appears.

9

9. AnyConnect 仅支持一个账号登录当前操作系统。AnyConnect supports only one account to log in to the current operating system. VPN 连接时只允许一个账号登录当前操作系统，当有多个账号登录操作系统时，

VPN 连接会中断。可能收到如下报错： VPN connection allows only one account to log in to the current operating system. When multiple accounts log in to the operating system, the VPN connection is interrupted. You may receive the following error message: "AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established."

10. Windows 系统报错“the VPN service is not available, Exiting”。Windows system reports "the VPN service is not available, Exiting". 当 Windows 系统有“the VPN service is not available, Exiting”报错，可以参考如下链接操作，或者按照下图手动 stop 服务，再启动服务。 When the Windows system reports "the VPN service is not available, Exiting", you can refer to the following link, or manually stop the service according to the following figure, and then start the service again. https://community.cisco.com/t5/vpn-and-anyconnect/quot-the-vpn-service-is-not-available-exiting-quot-error-when/td-p/2754562

10

11. AnyConnect 连接成功之后反复中断。AnyConnect is interrupted repeatedly after successful connection. 如果 Anyconnect 连接之后反复中断，请及时联系 ITSO 协助解决, 同时反馈如下信息： If Anyconnect is repeatedly interrupted after connecting, please contact ITSO in time and feedback the following information:

12. AnyConnect 支持的操作系统版本。System Requirements of AnyConnect 安装和升级 AnyConnect 到 4.8 之前，请先确认客户端操作系统版本需求，请参考如下链接和说明。

Before upgrading AnyConnect to 4.8 version, please confirm that if the client operating system version meets requirements. Please refer to the links and detail information as below:

11

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5457-cisco-anyconnect-secure-mobility-client-supported-operating.html

AnyConnect Support for Microsoft Windows

Windows Operating Systems • Windows 7 Special Pack (SP) 1

• Windows 8

• Windows 8.1

• Windows 10 x86 (32-bit) and x64 (64-bit)

Windows Requirements • Pentium class processor or greater

• 100 MB hard disk space

• Microsoft Installer version 3.1

• Upgrading to Windows 8.1 from any previous Windows release requires you to uninstall AnyConnect, and reinstall it after your Windows upgrade is complete.

• Upgrading from Windows XP to any later Windows release requires a clean install since the Cisco AnyConnect Virtual Adapter is not preserved during the upgrade. Manually uninstall AnyConnect, upgrade Windows, and then reinstall AnyConnect manually or via WebLaunch.

• To start AnyConnect with WebLaunch, you must use the 32-bit version of Firefox 3.0+ and enable ActiveX or install Sun JRE 1.4+.

• ASDM version 7.02 or higher is required when using Windows 8 or 8.1

AnyConnect Support for Linux

Linux Operating Systems • Linux Red Hat 6

• Linux Red Hat 7

• Ubuntu 12.04 Long Term Support (LTS)

• Ubuntu 14.04 (LTS)

• Ubuntu 16.04 (LTS) (64-bit only)

Linux Requirements • x86 instruction set

• 64-bit processor

• 32 MB Random Access Memory (RAM)

• 20 MB hard disk space

12

• Superuser privileges are required for installation

• libstdc++ users must have libstdc++.so.6 (GLIBCXX_3.4) or higher, but below version 4

• Java 5 (1.5) or later. The only version that works for web installation is Sun Java. You must install Sun Java and configure your browser to use that instead of the default package.

• zlib — to support SSL deflate compression

• xterm — only required if you're doing initial deployment of AnyConnect via Weblaunch from ASA clientless portal

• gtk 2.0.0

• gdk 2.0.0

• libpango 1.0

• iptables 1.2.7a or later

• tun module supplied with kernel 2.4.21 or 2.6

AnyConnect (Versions 4.8 and above) Support for Mac OS X (Catalina)

Mac OS X Operating Systems • Mac OS X 10.15 ( Details from Apple | AnyConnect 4.8 Release Notes)

Mac OS X Requirements • AnyConnect requires 50 MB of hard disk space.

• To operate correctly with Mac OS X, AnyConnect requires a minimum display resolution of 1024 by 640 pixels.

13. AnyConnect 卸载。AnyConnect uninstall. • Mac OS 卸载：For Mac OS

请参考如下链接 Please refer to the following link： http://kb.mit.edu/confluence/display/mitcontrib/Cisco+Anyconnect+Manual+uninstall+Mac+OS

如果卸载不完全时可以考虑：

13

• Windows 10 卸载 For Windows 10

请参考如下链接 Please refer to the following link： https://oit.colorado.edu/tutorial/vpn-uninstall-cisco-anyconnect-client-windows 如果卸载不完全时可以考虑 If the uninstallation is incomplete, please refer to the following:

• Ubuntu 卸载 For Ubuntu

请参考如下链接 Please refer to the following link：

https://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/

14. 教职工连接 VPN 之后，图书馆资源无法使用？Library resources cannnot be accessed after faculty connected to the VPN? 当教职工在校外需要访问图书馆电子资源时，可以使用 CUHK(SZ)账号登录 VPN 客户端（Cisco AnyConnect) ，服务器地址变更为 vpn.cuhk.edu.cn/lib 。访问更多海外学术网站时的方式使用 CUHK(SZ)账号登录 VPN 客户端，服务器地址仍然是

vpn.cuhk.edu.cn。When users need to access the library's electronic resources outside the campus, they can use the CUHK (SZ) account to log in the VPN client (Cisco AnyConnect), and the server address should be vpn.cuhk.edu.cn/lib. The

14

way to access more overseas academic websites is still via server address vpn.cuhk.edu.cn.

15. 教职工连接 VPN 之后，国内网页，微信无法正常使用？

After the faculty members connect to the VPN, the domestic webpages and WeChat cannot be used normally? 当用户在校外访问 VPN 同时需要使用微信或者 QQ 通信工具时，建议使用服务器

地址 vpn.cuhk.edu.cn/lib。When users need to use WeChat or QQ communication tools when they access the VPN outside the school at the same time, it is recommended to use the server address vpn.cuhk.edu.cn/lib.

16. 部分硬件不支持 AnyConnect。 For Hardware does not support AnyConnect MateBook E 2019 使用高通 850 处理器，并且搭载最新 ARM 平台，AnyConnect 暂时无法使用。MateBook E 2019 uses a Qualcomm 850 processor and is equipped with the latest ARM platform. AnyConnect is temporarily not compatible.