What is wrong when I cannot establish a VPN connection? (Username and Password Requested)

Last updated on: 2014/10/24

 
If you cannot proceed with the VPN connection steps because you are asked for your ID and password (which we have not provided), the followings are the likely causes. We describe below why this happens and what you should do in such cases. (Screen design may be different depending on the OS, browser or their versions.) 
    

Screens

  • The following screen appears when you open https://vpn.riken.jp/ with a web browser.
  • The following screen appears when you try to connect to “vpn.riken.jp” by directly executing the Cisco VPN Client.

What is happening?

Both of the above screens indicate that:

  • The VPN server shifted to username and password authentication screen because the server was unable to authenticate the client with the certificate.
  • But we don’t use “username and password authentication”. We use only Client Certificate Authentication on our VPN service. So you cannot continue on this screen.
  • The reason that the VPN server shifts to the username and password authentication screen shown above is because your certificate is not correctly setup or your VPN connection profile is not correct. Follow the instructions below and retry the connection procedure.

 

The client certificate (settings) is not correct

 

You did not remove your old client certificate when you renewed your certificate.

Please remove your old certificate BEFORE you install the new one.

If an old certificate remains on your computer, the computer assumes that the expired certificate is in use instead of the renewed one.

See this page on how to remove a client certificate.

Note:
Those who have used our previous VPN service (IPsec VPN), whose type is different from the current service, may not need to remove their old certificates.

The client certificate was downloaded incompletely.

A certificate error may occur even if you never had an old one installed on your computer.

This may happen when the certificate file was downloaded incompletely.

Despite the defect, the import process of the file itself was completed successfully, and you did not recognize the problem.

You need to start again by downloading the certificate file as follows.

  1. Remove the certificate with which you failed to establish a VPN connection.
  2. Download again the certificate issued by ACCC.
  3. Carry out the installation process from the beginning again.

 

The default connection profile caused the problem

When you are connecting to the Cisco AnyConnect VPN server, a connection profile file named REPLACE_AsaName2 (or the like) is downloaded automatically. The default value of this file may be set to use username and password authentication, and this causes the problem.

If you cannot connect to the VPN server despite your having confirmed your certificate settings described above, please delete the connection profile file referring to the following. Click the sentence to unfold and read the description.

(The connection profile file contains client username, IP address and host name of the VPN server. The problem is that somehow the file was not be overwritten correctly. )

If you are using Cisco AnyConnect on a PC terminal

If you are using Cisco AnyConnect with a mobile terminal such as iPhone