What Does This Error Message Really Mean?

Unanswered Question
Oct 2nd, 2010

The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

The above error message was received after installing anyconnect-macosx-i386-2.5.1025-k9.dmg on a Mac Pro 3,1 running OS X 10.6.4.  Using Wireshark to monitor the en2 interface on the Mac Pro, I see that it establishes a connection on port 443 to the ASA 5540 gateway.

The cypher exchange appears to complete successfully and both systems begin exchanging data.  The bulk of the data is being transmitted by the ASA 5540.  After the ASA transmits packet 34 in the session, the Mac Pro transmits an Encrypted Alert (packet 35) to the ASA 5540.  Packet 36 is a FIN ACK packet from the Mac Pro closing the connection.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Sat, 10/02/2010 - 18:20

You would still need to upload and install the following same package to the ASA for the connection to work:


Hope that answers your question.

mcrockett Sat, 10/02/2010 - 18:47

Are you suggesting that AnyConnect cannot sense when there is a newer version of the AnyConnect VPN Client running on the client?  The Cisco documentation implied that the ASA would not attempt to update the client when it was running the current or newer version of AnyConnect.

Jennifer Halim Sat, 10/02/2010 - 19:12

You would need to upload the version that you would like to run on the ASA itself. It will not work without the package installed on the ASA.

AnyConnect can be installed on client in 2 ways:

1) Via standalone installation like what you have done.

2) Automatically when connecting to ASA via browser

However, in both scenarios, ASA needs to have that version installed for client to connect to it.

What the documentation means that, if your ASA originally has a new version, and your client is running this new version, and you uploaded an older version of AnyConnect to ASA, it will not attempt to update/downgrade the client's version.

Hope that makes sense.

mcrockett Sat, 10/02/2010 - 18:29

Another interesting feature of this problem is that the "Encrypted Alert" message continues to be retransmitted after you quit the Cisco AnyConnect VPN Client.  It continues to be transmitted until the vpnagentd process is killed.


This Discussion