Error Messages on AnyConnect for Apple iOS Devices
Available Languages
Contents
Introduction
This document describes different error messages generated when using the Cisco AnyConnect VPN Client on Apple iPad devices. Corresponding resolutions required in order to eliminate those error messages are also included.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
-
Cisco AnyConnect Secure Mobility Client 2.5.x for Apple iOS and later
-
Cisco ASA Security Appliance that runs software version 8.2 and later
-
Apple iOS 4.x and later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Error Messages
This section provides examples of error messages and their respective solutions.
Licensing Issue
This error message is received on the iPad client when trying to launch the AnyConnect application:
The secure gateway has rejected the agent's VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists. The following message was received from the secure gateway: No License VPN session ended.
Solution
You need to have the required license in order to use the AnyConnect VPN Client on iPad clients. Refer to this CLI snippet from the ASA show version command:
AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual
Provide details like "PAK number" and "Serial number of the device" at the Cisco Licensing Page (registered customers only) in order to obtain the license. You could also contact Cisco Technical Support or send an e-mail to licensing@cisco.com.
Certificate Authentication Issue
This error log message is received on the Cisco ASA:
%ASA-6-725007: SSL session with client outside:XX.YY.ZZ.ZZ/51249 terminated.
CERT-C: E ../cert-c/source/certobj.c(719) : Error #73ch
CRYPTO_PKI: can not set ca cert object (0x73c)
These error messages are received on the iPad client application:
Solution
The client certificate authentication is failing and the Cisco ASA can parse some certificate extensions successfully, but cannot validate the client certificate. In order to resolve this issue, configure the CA on the ASA and enroll the iPad. Once complete, you should connect successfully using the client certificate.
Address Assignment Issue
This error message is received when trying to connect to an ASA from an iPad AnyConnect Client.
Secure gateway has reject the connection attempt. No address available for SVC connection.
Solution
Verify that the tunnel-group has a valid address-pool/dhcp server and that there are available addresses in that pool.
Group URL Issue
This error message is received while trying to connect:
The group URL requested has not been found. Please specify a valid group URL, and try again.
Solution
Check that the group-url is properly configured on the iOS device and on the head-end. They must match exactly, minus the https://, which should exist on the head-end.
Related Information
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)