cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

428
Views
0
Helpful
2
Replies
Highlighted
Beginner

Untrusted server popup when connecting to VPN Posture

untrusted_server_on_isepng.png

 

When connecting to Anyconnect VPN Posture, the untrusted server window pops up.

SSL certificate is installed in ASA.

I think it is necessary to install a certificate on ISE as well.

I have read several guides, but I am not sure what guides can solve my issue.

I want a guide to prevent untrusted server windows from popping up when connecting to Anyconnect VPN Posture

 

- Is it a new or an existing deployment?

existing deployment

- Which version and patch do you have running on ISE?

2.6.0.156 Patch 1

- Which version of AnyConnect are you using?

anyconnect-win-4.7.04056-webdeploy-k9.pkg

- What is the business impact of this issue?

Whenever Anyconnect was connected, the Untrusted Server popup window popped up.

We purchased an SSL certificate and installed it on the ASA yesterday to prevent it from popping up.

When connecting to Anyconnect, the pop-up window did not pop up when accessing the ASA.

The work was successful.

The problem is that when using Posture on Anyconnect, the Untrusted Server popup window pops up when accessing the ISE.

- When did this issue first happen?

See above

- Was it working before ? What has changed ?

See above

 

- Is 172.30.1.55 the IP address of ASA or ISE?

ISE.

domain : ns.ise.com (internal DNS server)

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Untrusted server popup when connecting to VPN Posture

With posture, AnyConnect image is pushed to client machine via ISE and this certificate is presented by ISE.

If the ISE portal usage certificate is signed by external CA or you are using self-signed certificate.

Also make sure that SAN field in the ISE certificate have IP address of the ISE server.

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: Untrusted server popup when connecting to VPN Posture

With posture, AnyConnect image is pushed to client machine via ISE and this certificate is presented by ISE.

If the ISE portal usage certificate is signed by external CA or you are using self-signed certificate.

Also make sure that SAN field in the ISE certificate have IP address of the ISE server.

View solution in original post

Highlighted
Beginner

Re: Untrusted server popup when connecting to VPN Posture

Thank you for the reply.
If VPN users provide certificates through ISE, does the ASA need a certificate?
I purchased an SSL certificate from ASA and installed it.
Is there any problem if I purchase one more SSL certificate and install it on ISE ??