Secure Access Resource Connector Disconnected State

Available Languages

Download Options

  • PDF     (15.6 KB)
    View with Adobe Reader on a variety of devices
Updated:May 5, 2026
Document ID:225851

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

A Secure Access Resource Connector is showing a disconnected state with the error message "This connector is disconnected. Run diagnostics to identify the issue. This often involves checking firewall rules to ensure that the connector can reach Secure Access. If problems persist, contact support." The issue impacts the ability of the connector to function, potentially affecting user access through Secure Access.

Environment

  • Cisco Secure Access

  • Technology: Secure Access Resource Connector

  • Multiple Resource Connectors in the same environment

  • Upstream firewall

Resolution

The resolution approach involved comprehensive network diagnostics and ultimately deploying a new Resource Connector as a replacement for the faulty unit.


Network Traffic Analysis

If there is an upstream firewall, you can run packet captures there + tcpdump on faulty Resource Connector to analyze the TLS handshake and network connectivity.

Certificate Verification

You can retrieve certificate information for api.sse.cisco.com using this command:

echo | openssl s_client -servername api.sse.cisco.com -connect api.sse.cisco.com:443 -showcerts 2>/dev/null | openssl x509 -text -noout -issuer -dates -fingerprint

New Resource Connector Deployment

If you observe TCP RST responses and network-level connectivity issues specific to the faulty RC, deploy a new Resource Connector to replace the problematic unit.

Cause

The root cause was identified as network-level connectivity issues specific to the faulty Resource Connector. The TCP RST responses received when attempting to connect to the Secure Access IPs 35.165.184.17 (us.controller.acgw.sse.cisco.com), combined with one-way traffic patterns observed on the upstream firewall, indicated a communication failure between the specific connector and the Secure Access infrastructure. The fact that another RC in the same environment functioned properly confirmed that the issue was isolated to the individual connector rather than being a broader network or firewall configuration problem.

Related Content

Revision History

Revision Publish Date Comments
1.0
05-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Wojciech Brzyszcz
    Technical Consulting Engineering Technical Leader

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products