Guest

Preview Tool

Cisco Bug: CSCvt95013 - Anyconnect VPN load balancing IKEv2 fails on AC 4.8

Last Modified

Jul 22, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(3036) 4.8(3043)

Description (partial)

Symptom:
VPN loadbalancing with IKEv2.  Works when connecting directly to the ASA's outside ip address but fails when connecting to the load balancing IP address with IKEv2.

Error message seen from the client side is The VPN connection was terminated due to a loss of communication with the secure gateway.  This is due to the firewall not responding to the IKEv2 auth message sent from the AnyConnect clients.

Conditions:
Using IKEv2 AnyConnect 4.8.01090+ to connect to the ASA with VPN load balancing configured with a mix of ASA versions in the cluster. The master in the cluster has to be running a version of ASA that contains the fix for CSCvq35440 and the actual host that AnyConnect is redirected to has to be running an ASA version which does NOT contain a fix for CSCvq35440.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.