Cisco AnyConnect Secure Mobility Client

AnyConnect Creates Duplicate Client Entries on the iPhone/iPad

Document ID: 116144

Updated: Jun 18, 2013

Contributed by Atri Basu, Cisco TAC Engineer.

Introduction

This document describes why duplicate entries are created on the Cisco AnyConnect Secure Mobility Client (AnyConnect) for Apple iOS devices.

Problem

AnyConnect creates duplicate client entries on the iPhone/iPad. When you connect with AnyConnect for the iPhone/iPad, the device displays the message "VPN configuration created by user has been renamed to avoid a name conflict with imported configuration" as shown here:

116144-problem-ASA-01.png

When you click OK, you find that a duplicate entry was created in the GUI that was not there before the connection was made. This can cause confusion.

Steps to Reproduce the Problem

  1. Create a client profile for the mobile device that has an entry in the server list where the host display name is the same as the fully qualified domain name (FQDN):
    116144-problem-ASA-02.png

  2. Download the application from the Apple App Store.
  3. Create a manual entry to connect to the Cisco Adaptive Security Appliance (ASA) and download the client profile from the ASA. The client profile contains an entry in the server list where the host display name is the same as the FQDN/connection name used to create the manual entry.
  4. Once the client profile is downloaded, AnyConnect automatically creates a new entry in the GUI and renames the entry that you manually created. At this point, it displays a message that indicates that the entry has been renamed.

Solution

This is expected behavior. The warning message is seen because of Cisco Bug ID CSCue06318.

Once the profile is imported, AnyConnect gathers the information about all the servers from the server list in the client profile and builds an entry for each of those servers. Thus, if there is a server list entry that conflicts with the one you created to initiate the connection, the client is forced to rename it. Since the new entry is pulled from the profile, it cannot be changed. Therefore, the client renames the manual entry if its name is similar to one of the host display names in the server list. The message that displays alerts you that the name has been changed.

The host display name in the server list only defines the name that displays, so it is not important whether it is xyz.company.com or simply xyz. To prevent the message from appearing, ensure that the host display name of the entry in the server list in the client profile is not the same as the FQDN of the server and that users do not use the same name when they create the profile. There is no way to stop the creation of the second entry in the client profile.
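A pre-deployment check for the condition described above, as an added example that is not part of the original Cisco document: it parses a client profile and flags server list entries whose host display name equals the server address or matches a name users are known to type for manual entries. The sample profile, the function name find_conflicting_entries, and the case-insensitive comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile for illustration; host names are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>vpn.example.com</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>Corp VPN (East)</HostName>
      <HostAddress>vpn-east.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""


def _local(tag):
    """Strip the XML namespace so matching works for any profile namespace."""
    return tag.rsplit("}", 1)[-1]


def _norm(value):
    """Assumption: names are compared case-insensitively, ignoring a trailing dot."""
    return (value or "").strip().rstrip(".").lower()


def find_conflicting_entries(profile_xml, manual_names=()):
    """Return (display_name, reason) for each HostEntry likely to trigger the rename."""
    root = ET.fromstring(profile_xml)
    manual = {_norm(n) for n in manual_names}
    findings = []
    for entry in root.iter():
        if _local(entry.tag) != "HostEntry":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in entry}
        name, addr = fields.get("HostName", ""), fields.get("HostAddress", "")
        if not name:
            continue
        if _norm(name) == _norm(addr):
            findings.append((name, "display name equals server address"))
        elif _norm(name) in manual:
            findings.append((name, "display name matches a manual entry name"))
    return findings


if __name__ == "__main__":
    for name, reason in find_conflicting_entries(SAMPLE_PROFILE):
        print(f"{name}: {reason}")
```

Pass the names that setup instructions tell users to type as manual_names to catch conflicts that the profile alone does not reveal.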

Currently, there is no way for the client to update the manual entry directly. Instead it creates a new entry. Cisco Bug ID CSCuf31510 has been filed as an enhancement request to change this behavior. The best way to work around this behavior is to delete the manual entry.

This method ensures that the entry created from the client profile is always selected by default and that the users can select it to connect. The only caveat is that the first time users connect, they are disconnected once the profile is downloaded and they have to manually connect again. Cisco Bug ID CSCuf31490 has been filed as an enhancement request to change this behavior so that AnyConnect automatically connects to the active server.

It is possible to avoid this situation and simplify configuration of the AnyConnect client with the use of URL handlers. URL handlers also greatly simplify the end-user experience because they provide a URL that the user clicks, rather than requiring users to manually create the connection information. Refer to the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 2.5 for more information on the use of URL handlers.
