Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The Easy VPN Remote tunnel fails to open on a PIX/ASA firewall after reboot, and the "* Remove 'aaa authentication listener' configuration" error message appears at boot time

Core issue

This issue is due to the presence of Cisco bug ID CSCsh75977.

In this issue, after a reboot of the PIX or ASA firewall, the Easy VPN Remote tunnel does not open. At boot time, the firewall displays an error on the console similar to this:

.* Remove 'aaa authentication listener' configuration

CONFIG CONFLICT: Configuration that would prevent successful Cisco Easy VPN Remote operation has been detected, and is listed above. Please resolve the above configuration conflict(s) and re-enable.

show running-config command shows that two or more aaa authentication listener commands are added automatically, and that the vpnclient enable command is removed.

The defect only occurs if the interface used by VPN Remote is configured with a dynamic IP address, which is either Dynamic Host Control Protocol (DHCP) or Point-to-Point over Ethernet (PPoE).


The workaround for this issue is to remove the aaa authentication listener command, then issue the vpnclient enable command in configuration mode.

In order to completely resolve this issue, downgrade the PIX/ASA to version 7.2(1) or upgrade to version 7.2(2.14) and later.

Refer to Cisco Downloads in order to download the suggested PIX/ASA software versions.

New Member

I experience this problem on a ASA 5505 running 8.2(1).

New Member

Will this bug be fixed in one of the future releases??