Cisco Bug: CSCuj22359 - IKEv2:Print client error message if anyconnect enable not present on ASA

Last Modified

Aug 11, 2016

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

3.1(202)

Description (partial)

Symptom:
When AnyConnect is disabled on the ASA (using the command "no anyconnect enable"), the AnyConnect client using IKEv2 errors out with the generic message "The IPsec VPN connection was terminated due to an authentication failure or timeout. Please contact your network administrator". This should be corrected and must say "Anyconnect is not enabled on the VPN server", like it does when SSL is used.
Also, the correct message should show up if the AnyConnect client tries to reconnect. Right now, if "anyconnect enable" is removed from the ASA after the client has connected and the client then disconnects for some reason, it will not reconnect and fails with the error "The VPN client agent encountered a connection failure and reconnect attempts have failed. The VPN connection has been disconnected. A new connection is necessary, which requires re-authentication.", which is very generic. Instead, it should say "Anyconnect is not enabled on the VPN server and reconnect attempts have failed. The VPN connection has been disconnected."

Conditions:
AnyConnect is disabled on the ASA.