Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

C2901, SSL_VPN and iPad/iPhone problem


I've got C2901SEC/K9 and SSL-VPN licence. I've got problem with connectin to SSL-VPN from iPad via AnyConnect Secure Mobility Client 2.5.5112. In log II've got message:

Apr 24 2012 10:27:55.563: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: SSL_GW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at

It looks like context is unknown??? It's strange because sh webvpn context returns:

WABAGRTGW001#sh webvpn context

Context Name: SSL_USER

Admin Status: up

Operation Status: up

Error and Event Logging: Enabled

CSD Status: Disabled

Certificate authentication type: All attributes (like CRL) are verified

AAA Authentication List: default

AAA Authorization List not configured

AAA Accounting List not configured

AAA Authentication Domain not configured

Authentication mode: AAA authentication

Default Group Policy: SSL_POL

Associated WebVPN Gateway: SSL_GW

Domain Name and Virtual Host not configured

Maximum Users Allowed: 10

NAT Address not configured

VRF Name not configured

Virtual Template: 10

Virtual Access  : 2

If I'm trying login via browser I've got login page to SSL-VPN.

VPn config

WABAGRTGW001#srs webvpn

crypto vpn anyconnect flash0:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 2

crypto vpn csd flash0:/webvpn/sdesktop.pkg

webvpn gateway SSL_GW

ip interface GigabitEthernet0/0 port 443

http-redirect port 80

ssl trustpoint local

logging enable



webvpn context SSL_USER

title "Centrum Medyczne MML SSL-VPN"

login-photo file flash:/webvpn/mml_o-nas01.jpg

logo file flash:/webvpn/logo.jpg

secondary-color white

title-color #6060FF

text-color black

login-message "Authorized users only!"


policy group SSL_POL

   functions svc-enabled

   timeout idle 600

   timeout session 43200

   svc dns-server primary

   svc wins-server primary

virtual-template 10

default-group-policy SSL_POL

aaa authentication list default

gateway SSL_GW

max-users 10

logging enable


ssl authenticate verify all


url rewrite

   unmatched-action redirect


For me it's confusing. It works before IOS upgrade. Currently I'm using :

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(3)T, RELEASE SOFTWARE (fc1)

Thanks for help


Cisco Employee

Re: C2901, SSL_VPN and iPad/iPhone problem


Anyconnect from mobile devices to IOS headend (unlike ASA) is not something that Cisco supports (yet). Some people have reported it to work, but we have never claimed that it would.

We're tracking this under following enhancement request:

You can get in touch with your account team to discuss this, for now it's due for March 2013 (tentative).


New Member

Re: C2901, SSL_VPN and iPad/iPhone problem


Yes, I found that. BTW. in IOS 15.2(1)T1, Apple's devices are working fine.



CreatePlease to create content