Secure Access RA-VPN IPv6 Connection Failure - Protocol Configuration Issue

Available Languages

Download Options

  • PDF     (4.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (83.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (68.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 16, 2026
Document ID:225756

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Issue

RA-VPN connections over IPv6 to Cisco Secure Access are failing to establish, with the Cisco Secure Client UI displaying a generic connection failure message. The issue affects testing of IPv6-based remote access connectivity using an existing RA-VPN profile. Research indicates that the SSE RA-VPN profile is not properly setting the protocol field for IPv6 connectivity.

Environment

  • Technology: Solution Support (SSPT - contract required)
  • Sub-technology: Secure Access - Secure Client Remote Access (VPN, Posture, Private Resource)
  • Software Version: ALL
  • Cisco Secure Client attempting IPv6 RA-VPN connection
  • Cisco Secure Access SSE platform
  • Existing RA-VPN profile configuration

Resolution

To resolve the IPv6 RA-VPN connection failure, the IP Protocol Supported setting must be properly configured in the RA-VPN profile. Follow these steps to enable IPv6 support:

Step 1: Access Client Settings

Navigate to the Client Settings section in the Cisco Secure Access management interface.

Step 2: Configure Administrator Settings

Within Client Settings, locate and access the Administrator Settings section.

Step 3: Set IP Protocol Supported

Configure the IP Protocol Supported dropdown to include IPv6 support. This setting controls which IP protocols the RA-VPN profile supports for client connections.

Step 4: Save Configuration

Save the updated RA-VPN profile configuration to ensure the IPv6 protocol setting is applied.

Step 5: Test Connection

Retest the IPv6 RA-VPN connection using the Cisco Secure Client to verify that the connection now establishes successfully.

Cause

The root cause of the IPv6 RA-VPN connection failure is that the IP Protocol Supported setting in the RA-VPN profile was not configured to support IPv6 connections. The SSE RA-VPN profile requires explicit configuration of the protocol field to enable IPv6 connectivity. Without this setting properly configured, the Cisco Secure Client cannot establish IPv6-based VPN connections to the Cisco Secure Access platform.

Related Content

Revision History

Revision Publish Date Comments
1.0
17-Apr-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Amit Arora
    Technical Consulting Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products