This issue is due to the presence of Cisco bug ID CSCsh75977.

In this issue, after a reboot of the PIX or ASA firewall, the Easy VPN Remote tunnel does not open. At boot time, the firewall displays an error on the console similar to this:

.* Remove 'aaa authentication listener' configuration

CONFIG CONFLICT: Configuration that would prevent successful Cisco Easy VPN Remote operation has been detected, and is listed above. Please resolve the above configuration conflict(s) and re-enable.

The show running-config command shows that two or more aaa authentication listener commands are added automatically, and that the vpnclient enable command is removed.

The defect only occurs if the interface used by VPN Remote is configured with a dynamic IP address, which is either Dynamic Host Control Protocol (DHCP) or Point-to-Point over Ethernet (PPoE).

The workaround for this issue is to remove the aaa authentication listener command, then issue the vpnclient enable command in configuration mode.

In order to completely resolve this issue, downgrade the PIX/ASA to version 7.2(1) or upgrade to version 7.2(2.14) and later.

Refer to Cisco Downloads in order to download the suggested PIX/ASA software versions.