Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
39557
Views
0
Helpful
3
Replies

The VPN connection to the selected secure gateway requires a routable IPv6 physical adapter address. Please move to an IPv6 network and retry the connection or select a different secure gateway

sansingh
Cisco Employee
Cisco Employee

‎03-11-2020 11:03 AM

A client on a MAC laptop running Anyconnect client version 4.8.02042 is getting "The VPN connection to the selected secure gateway requires a routable IPv6 physical adapter address. Please move to an IPv6 network and retry the connection or select
a different secure gateway" when client tried connecting to a VPN headend. After a while it seems to connect. We have both IPv4 and IPv6 enabled. I had the client disable IPv6 in the network properties, reboot the MAC and connect and it worked fine. Today with IPv6 disabled, the error message popped up again. Any recommendation, suggestions? This is the only client with this issue, we have hundreds of other client with both MAC and PC connecting successfully using the same version of Anyconnect client.

 

Thanks in advance.

2 people had this problem
Labels:
0 Helpful
3 Replies 3

Cristian Matei
VIP Alumni
VIP Alumni

‎03-11-2020 12:48 PM

Hi,

 

    Based on my experience with weird MAC OS, i would just reinstall AnyConnect , with reboot after uninstalling, on that device if it's the only one with an error; in most cases the virtual NIC remains and behaves in a weird state. Is AnyConnect configured to connect to a FQDN? If so will the DNS server respond with both IPv4 and IPv6 mappings for the FQDN of the ASA? This could be the problem that device may prefer IPv6 to begin with, fail and use IPv4 instead. If the MAC Os does not need IPv6, you could disable IPv6 completely.

 

Regards,

Cristian Matei.

 

0 Helpful

sansingh
Cisco Employee
Cisco Employee
In response to Cristian Matei

‎03-11-2020 02:18 PM

Hello Cristian,

Thanks for your response and suggestions. The Anyconnect profile is
configured to use FQDN and DNS does respond with both IPv6 and IPv4 address.
Earlier this morning I had instructed the client to uninstall Anyconnect
client and reinstall which seems to have fixed the problem. Initially I had
the client disable IPv6, but the client did run into the same error message.
So it appears uninstalling and reinstalling Anyconnect client on the MAC has
resolved this issues and IPv6 is enabled. No other client has reported this
issue and we have lots of clients with both MAC and PC. So appears something
finicky going on with the clients MAC that affected the Anyconnect client.
0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to sansingh

‎03-11-2020 02:54 PM

Hi,

 

    I've seen it many times on Mac OS, especially after upgrades and/or AnyConnect version upgrade; something goes wrong between kernel and vNIC.

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents