browse
Note: Cisco announced the End-of-Life of Cisco AnyConnect in 2023 and the Umbrella Roaming Client in 2024. Many Cisco Umbrella customers are already benefiting from migrating to Cisco Secure Client, and you are encouraged to begin migration as soon as possible to get a better roaming experience. Read more in this Knowledge Base article: How do I install Cisco Secure Client with the Umbrella Module?
Issue
Users are running into a "452 Suspected Replay Attack" error while trying to connect to the Cisco Secure Client (CSC) (formerly AnyConnect) Secure Web Gateway (SWG):
Resolution
Please note that the message "replay attack" is a general warning for time discrepancies because one way to attack an encrypted connection is to repeatedly replay old packets. However, in this case, there is no replay attack actually occurring. Once the time on your computer has been changed, the error will be resolved.
Cause
This error can occur if the system clock on the endpoint is adrift by more than 4 minutes. Because the current time is used for negotiating encryption, if there is a large amount of time difference between the client and the server, they cannot mutually negotiate a safe encrypted connection.