Cisco Anyconnect The Secure Gateway Has Rejected



While debugging ('debug webvpn anyconnect 255' and 'debug pix uauth'), we see the following:

webvpncstpaddrcallback: Session=0x0ab84000, IPv4 returned.
Webvpncstpipv6addrcallback: IPv6 callback entered.
Webvpncstpipv6addrcallback: Session=0x0ab84000, no IPv6 address returned.

AnyConnect VPN connect fails - Potential security threat detected with secure gateway's server certificate.

  1. Error Messages On AnyConnect For Apple IOS Devices - Cisco
This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GlobalProtect app, see: Prisma Access VPN Landing Page.
If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN?

What should be done when an attempt to connect to VPN using Cisco AnyConnect generates this message: AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

In the Windows Control Panel, navigate to Internet Options (Network and Internet Connections, and then Internet Options).

Once there, select the Connections tab, and then LAN Settings. Make sure the option 'Use automatic configuration script' is unchecked, reboot, and then retry Cisco AnyConnect.

Introduction

This document describes different error messages generated when using the Cisco AnyConnect VPN Client on Apple iPad devices. Corresponding resolutions required in order to eliminate those error messages are also included.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco AnyConnect Secure Mobility Client 2.5.x for Apple iOS and later

  • Cisco ASA Security Appliance that runs software version 8.2 and later

  • Apple iOS 4.x and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Error Messages

This section provides examples of error messages and their respective solutions.

Licensing Issue

This error message is received on the iPad client when trying to launch the AnyConnect application:

Solution

You need to have the required license in order to use the AnyConnect VPN Client on iPad clients. Refer to this CLI snippet from the ASA show version command:

Provide details like 'PAK number' and 'Serial number of the device' at the Cisco Licensing Page (registered customers only) in order to obtain the license. You could also contact Cisco Technical Support or send an e-mail to licensing@cisco.com.

Certificate Authentication Issue

This error log message is received on the Cisco ASA:

%ASA-6-725007: SSL session with client outside:XX.YY.ZZ.ZZ/51249 terminated.

CERT-C: E ../cert-c/source/certobj.c(719) : Error #73ch

CRYPTO_PKI: can not set ca cert object (0x73c)

These error messages are received on the iPad client application:

Solution

Client certificate authentication is failing: the Cisco ASA can parse some certificate extensions successfully but cannot validate the client certificate. To resolve this issue, configure the CA on the ASA and enroll the iPad. Once that is complete, the connection using the client certificate should succeed.

Address Assignment Issue

This error message is received when trying to connect to an ASA from an iPad AnyConnect Client.

Solution

Verify that the tunnel-group has a valid address-pool/dhcp server and that there are available addresses in that pool.

Group URL Issue

This error message is received while trying to connect:

Solution

Check that the group-url is properly configured on the iOS device and on the head-end. They must match exactly, minus the https://, which should exist on the head-end.
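The two configuration checks above (address assignment and group URL) can be run offline against a saved ASA running-config. This is an added example, not code from the original document or from Cisco; the config excerpt, tunnel-group names, pool name and URLs are constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (all names and addresses are made up).
SAMPLE_CONFIG = """\
ip local pool IPAD_POOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
tunnel-group IPAD type remote-access
tunnel-group IPAD general-attributes
 address-pool IPAD_POOL
tunnel-group IPAD webvpn-attributes
 group-url https://vpn.example.com/ipad enable
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS general-attributes
 default-group-policy GP_CONTRACTORS
tunnel-group CONTRACTORS webvpn-attributes
 group-url https://vpn.example.com/contractors enable
"""

def parse_tunnel_groups(config):
    """Collect address-pool, dhcp-server and enabled group-url per tunnel-group."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):            # top-level command
            current = None
            if words[0] == "tunnel-group" and len(words) > 1:
                current = groups.setdefault(
                    words[1], {"pools": [], "dhcp": [], "urls": []})
        elif current is not None:               # sub-command of a tunnel-group
            if words[0] == "address-pool":
                current["pools"] += words[1:]
            elif words[0] == "dhcp-server":
                current["dhcp"] += words[1:2]
            elif words[0] == "group-url" and words[-1] == "enable":
                current["urls"].append(words[1])
    return groups

def groups_without_addressing(config):
    """Tunnel-groups with no dhcp-server and no address-pool that is defined."""
    defined = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    return sorted(name for name, g in parse_tunnel_groups(config).items()
                  if not g["dhcp"] and not any(p in defined for p in g["pools"]))

def find_group_for_url(config, device_entry):
    """Exact match of the device entry against each group-url minus https://."""
    for name, g in parse_tunnel_groups(config).items():
        for url in g["urls"]:
            if url.startswith("https://") and url[len("https://"):] == device_entry:
                return name
    return None
```

Whether the pool still has free addresses is a runtime condition on the ASA, so this covers only the configuration half of the address assignment check.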
