Cisco Bug: CSCuj22359 - IKEv2:Print client error message if anyconnect enable not present on ASA
Aug 11, 2016
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: When anyconnect is disabled on the ASA(using the command "no anyconnect enable"), the Anyconnect client using ikev2 errors out with the generic message ""The IPsec VPN connection was terminated due to an authentication failure or timeout. Please contact your network administrator". This should be corrected and must say "Anyconnect is not enabled on the VPN server", like it does when SSL is used. Also, the correct message should show up if the anyconnect client tries to RECONNECT. Right now, if we remove "anyconnect enable" from the ASA after the client has connected and then, let's say for some reason, the client disconnects, it will not reconnect again and fails with the error "The VPN client agent encountered a connection failure and reconnect attempts have failed. The VPN connection has been disconnected. A new connection is necessary, which requires re-authentication.", which is very generic. Instead, it should say "Anyconnect is not enabled on the VPN server and reconnect attempts have failed. The VPN connection has been disconnected." Conditions: Anyconnect is disabled on the ASA.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases