This document explains an issue the user faces when trying to connect to ASA using Cisco AnyConnect.
When we try to connect to ASA using Cisco AnyConnect client, the warning message "Security Warning : Untrusted VPN Server Certificate" appears. There is no option to Trust or import the certificate so that the warning is not seen the next time. AnyConnect version used is 3.1.05152. The waring is as shown below:
Upgrading the AnyConnect to version 3.1.06073 or higher will resolve this warning issue as this issue was seen with the AnyConnect version 3.1.05152.
The user can also purchase a certificate for the ASA and install it in the ASA. Also the user can generate a strong self signed certificate (using a 2048-bit RSA key). This certificate is required to be downloaded by the Client and installed in their trusted root CA store. If you use a fully qualified domain name (FQDN) for the VPN users to access the ASA that should be the Common Name (CN) in the certificate.
I'm in the process starting my first round of ASA to FTD device migrations and have concerns and questions regarding what to do with management interface on both during or for migration purposes.My current ASA is attached to Firepower Management Center an...
DACLs oh how I love them.We have lots of users requiring specific routes for their projects, and we have set up DACLs based upon the connection profile. It works well, works across multiple VPN endpoints and can be comprehended by my little brain.With the...
Hello all!I am working with a vendor to pass a certain VLAN between 2 sites of an organization so that phone calls can be made by extensions and not having to dial a 10 digit number. I only have access to the 1 of the sites firewalls and I have been asked...
Hi, I am need to implement Dot1X and use Tacacs+ at the same time with a single machine ISE (version 2.7). Dot1x may need Radius, so it is possible for ISE to act as both Radius and Tacacs+ server with the same IP address? (highlighted in red b...
Hello All,ISE v2.7We recently upgrade our ISE deployment from 2.3 to 2.7 about 2 weeks ago.Since the upgrade, on the ISE Home page, the Active Endpoints section is currently showing 2,558. This number is very inaccurate. Our normal number for active endpo...