Core issue
The error message appears when the VPN Client fails to receive an IP address from an Access Control Server (ACS), which is configured to assign IP addresses.
Resolution
For a workaround,
It is recommended to reconfigure the settings in the VPN concentrator and the ip pools on the ACS:
On the VPN Concentrator, choose Configuration > System > Address Management > Assignment > Use Address from Authentication Server > Apply in order to choose the authentication server option for IP address assignment.
On the Cisco VPN 3000 Concentrator, choose Configuration > System > Servers > Accounting Servers.
Add the details for the ACS in order to specify the ACS as an Accounting Server. This allows the ACS to see what IP addresses are in use and assign free IP addresses.
In the ACS, go into either the User Setup or the Group Setup in order to provide the IP address.
Choose VPN Client IP Address Assignment.
Choose Assigned from AAA server pool. An IP address pool on the Authentication Authorization Accounting (AAA) server assigns the IP address.
Refer to the Setting IP Address Assignment Method for a User Group section of User Group Management for more information about the available options.
Refer to the IP Pools Server section of http://www.cisco.com/en/US/customer/products/sw/secursw/ps2086/products_user_guide_chapter09186a008023360a.html System Configuration: Advanced in order to configure the IP pools on the ACS.
Problem Type
Troubleshoot software feature
Product Family
Cisco Secure access control server
VPN - 3000 series concentrator
