The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
The above error message was received after installing anyconnect-macosx-i386-2.5.1025-k9.dmg on a Mac Pro 3,1 running OS X 10.6.4. Using Wireshark to monitor the en2 interface on the Mac Pro, I see that it establishes a connection on port 443 to the ASA 5540 gateway.
The cypher exchange appears to complete successfully and both systems begin exchanging data. The bulk of the data is being transmitted by the ASA 5540. After the ASA transmits packet 34 in the session, the Mac Pro transmits an Encrypted Alert (packet 35) to the ASA 5540. Packet 36 is a FIN ACK packet from the Mac Pro closing the connection.
Are you suggesting that AnyConnect cannot sense when there is a newer version of the AnyConnect VPN Client running on the client? The Cisco documentation implied that the ASA would not attempt to update the client when it was running the current or newer version of AnyConnect.
You would need to upload the version that you would like to run on the ASA itself. It will not work without the package installed on the ASA.
AnyConnect can be installed on client in 2 ways:
1) Via standalone installation like what you have done.
2) Automatically when connecting to ASA via browser
However, in both scenarios, ASA needs to have that version installed for client to connect to it.
What the documentation means that, if your ASA originally has a new version, and your client is running this new version, and you uploaded an older version of AnyConnect to ASA, it will not attempt to update/downgrade the client's version.
Another interesting feature of this problem is that the "Encrypted Alert" message continues to be retransmitted after you quit the Cisco AnyConnect VPN Client. It continues to be transmitted until the vpnagentd process is killed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :