Guest

Preview Tool

Cisco Bug: CSCuj05124 - DOC: "anyconnect enable" command explanation unclear

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.0(3)

Description (partial)

Symptom:
anyconnect client does not connect without "anyconnect enable" command.

Conditions:
In the ASA doc http://www.cisco.com/en/US/docs/security/asa/command-reference/a2.html#wp1830400, it says:

"To enable the ASA to download an AnyConnect client to remote computers, use the anyconnect enable command in webvpn configuration mode. "

It should say:

"To enable the ASA to download an AnyConnect client to remote computers or to connect to the ASA using the anyconnect client via SSL or ikev2,use the anyconnect enable command in webvpn configuration mode."

It also says:

"If the anyconnect enable command is not issued, AnyConnect does not function as expected. As a result, the show webvpn svc command does not consider the SSL VPN client to be enabled and does not list the installed AnyConnect packages. "

It needs to state:

The "anyconnect enable" command is mandatory for anyconnect client or anyconnect weblaunch to work. If the anyconnect enable command is not issued with ssl or ikev2, the Anyconnect client times out with the error "The IPsec VPN connection was terminated due to an authentication failure or timeout. Please contact your network administrator". As a result, the show webvpn svc command does not consider the SSL VPN client to be enabled and does not list the installed AnyConnect packages.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.