AnyConnect VPN on Cisco IOS router problem

Unanswered Question
Jul 18th, 2008

Hi all,

I am using a Cisco 871 IOS router with IOS software release 12.4(20)T (Adv.Security) and the following configuration for SSL VPN access.

aaa new-model

aaa authentication login VPNCLIENT local
aaa authorization network VPNGROUP local

crypto pki trustpoint TP-self-signed-1188774920
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1188774920
 revocation-check none
 rsakeypair TP-self-signed-1188774920

username remote privilege 0 secret xxx

interface FastEthernet4
 ip address

interface Loopback10
 ip address

ip local pool VPN-1

webvpn gateway webvpngw-1
 ip address port 443
 ssl trustpoint TP-self-signed-1188774920
 logging enable

webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

webvpn context webvpncontext-1
 ssl authenticate verify all

 policy group webvpngroup-1
   functions svc-enabled
   timeout idle 3600
   svc address-pool "VPN-1"
   svc default-domain "home.loc"
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc rekey method new-tunnel
   svc split include
   svc split include
   svc dns-server primary
 default-group-policy webvpngroup-1
 aaa authentication list VPNCLIENT
 aaa authorization list VPNGROUP
 gateway webvpngw-1
 max-users 10
 user-profile location flash:webvpn/webvpncontext-1/
 logging enable



On the client side I'm using AnyConnect VPN Client version

When I connect to the specified IP address ( I've been asked for username and password. After successful username/password verification I got the error message:

"An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator."

For troubleshooting I turned on the following debug commands.

debug webvpn tunnel
debug webvpn verbose
debug webvpn aaa
debug webvpn cookie
debug webvpn package
debug webvpn entry webvpncontext-1

You can find the output in the attachment.

When the connection is closed - the debug shows the following message:

008305: Jul 18 11:35:21.940 CEST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: webvpncontext-1 vw_gw: webvpngw-1 i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at

If you have any idea, please let me know!

Many thanks!!!

Best regards


aghaznavi Thu, 07/24/2008 - 10:33

1. Uninstalled and re-installed the webvpn package and the anyconnect package.

2. Assign the different pool for both ipsec and anyconnect clients.
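
The reply above suggests separate address pools for IPsec and AnyConnect clients. As an added example (not part of the thread), this Python check reads a running-config and reports any pool name referenced by both kinds of client group. It assumes IPsec clients take their pool from a `crypto isakmp client configuration group` block; the group `EZVPN-GROUP`, the pool `IPSEC-1` and all addresses are constructed.

```python
import re

# Constructed sample config: addresses are documentation ranges; EZVPN-GROUP
# and IPSEC-1 are hypothetical names, VPN-1 and webvpngroup-1 are from the post.
SAMPLE_SHARED = '''\
ip local pool VPN-1 192.0.2.10 192.0.2.20
crypto isakmp client configuration group EZVPN-GROUP
 key xxx
 pool VPN-1
webvpn context webvpncontext-1
 policy group webvpngroup-1
   functions svc-enabled
   svc address-pool "VPN-1"
'''
# Same config after giving the IPsec group a pool of its own.
SAMPLE_SPLIT = (SAMPLE_SHARED.replace(' pool VPN-1\n', ' pool IPSEC-1\n')
                + 'ip local pool IPSEC-1 192.0.2.30 192.0.2.40\n')

def pool_users(config):
    """Map each pool name to the set of (client kind, group) referencing it."""
    users, section = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(' '):      # an unindented line ends the section
            section = None
        m = re.match(r'crypto isakmp client configuration group (\S+)', line)
        if m:
            section = ('ipsec', m.group(1))
            continue
        m = re.match(r'policy group (\S+)', line)
        if m:
            section = ('anyconnect', m.group(1))
            continue
        if section is None:
            continue
        if section[0] == 'ipsec':
            m = re.match(r'pool (\S+)$', line)
        else:
            m = re.match(r'svc address-pool "?([^"\s]+)"?', line)
        if m:
            users.setdefault(m.group(1), set()).add(section)
    return users

def shared_pools(config):
    """Pools referenced by both IPsec and AnyConnect client groups."""
    return sorted(name for name, refs in pool_users(config).items()
                  if {kind for kind, _ in refs} == {'ipsec', 'anyconnect'})

if __name__ == '__main__':
    print('shared:', shared_pools(SAMPLE_SHARED))
    print('after split:', shared_pools(SAMPLE_SPLIT))
```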

