Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4992
Views
0
Helpful
2
Replies

Untrusted server popup when connecting to VPN Posture

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎05-13-2020 09:08 PM

untrusted_server_on_isepng.png

 

When connecting to Anyconnect VPN Posture, the untrusted server window pops up.

SSL certificate is installed in ASA.

I think it is necessary to install a certificate on ISE as well.

I have read several guides, but I am not sure what guides can solve my issue.

I want a guide to prevent untrusted server windows from popping up when connecting to Anyconnect VPN Posture

 

- Is it a new or an existing deployment?

existing deployment

- Which version and patch do you have running on ISE?

2.6.0.156 Patch 1

- Which version of AnyConnect are you using?

anyconnect-win-4.7.04056-webdeploy-k9.pkg

- What is the business impact of this issue?

Whenever Anyconnect was connected, the Untrusted Server popup window popped up.

We purchased an SSL certificate and installed it on the ASA yesterday to prevent it from popping up.

When connecting to Anyconnect, the pop-up window did not pop up when accessing the ASA.

The work was successful.

The problem is that when using Posture on Anyconnect, the Untrusted Server popup window pops up when accessing the ISE.

- When did this issue first happen?

See above

- Was it working before ? What has changed ?

See above

 

- Is 172.30.1.55 the IP address of ASA or ISE?

ISE.

domain : ns.ise.com (internal DNS server)

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
poongarg
Cisco Employee
Cisco Employee

‎05-13-2020 09:49 PM

With posture, AnyConnect image is pushed to client machine via ISE and this certificate is presented by ISE.

If the ISE portal usage certificate is signed by external CA or you are using self-signed certificate.

Also make sure that SAN field in the ISE certificate have IP address of the ISE server.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
poongarg
Cisco Employee
Cisco Employee

‎05-13-2020 09:49 PM

With posture, AnyConnect image is pushed to client machine via ISE and this certificate is presented by ISE.

If the ISE portal usage certificate is signed by external CA or you are using self-signed certificate.

Also make sure that SAN field in the ISE certificate have IP address of the ISE server.

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to poongarg

‎05-18-2020 05:42 AM

Thank you for the reply.
If VPN users provide certificates through ISE, does the ASA need a certificate?
I purchased an SSL certificate from ASA and installed it.
Is there any problem if I purchase one more SSL certificate and install it on ISE ??
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents