Participant

AnyConnect Certs and SANs

Hi guys, 

I'm dealing with a customer who's using the outside interface IP of the ASA for the AnyConnect VPN instead of an FQDN. He recently got a wildcard cert for his domain name, and that's about all you see in the SAN (subject alternative names) field. My question is: would AnyConnect work if we installed the cert for him if he's gonna continue using the public IP address instead of an FQDN in the AnyConnect client?

Thanks 

Accepted Solutions
Enthusiast

Hi, if the client will be connecting to the IP address instead of the FQDN, this will be an untrusted connection.

The client couldn't be sure he/she is connecting to a trusted server.

Nevertheless, if you're not blocking connections to untrusted servers in the AnyConnect client, it would work.

So connecting to the FQDN would be the right way.
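
Why the IP address fails against a wildcard cert, shown as an added example that is not part of the original thread and is not AnyConnect's own code: it applies the standard TLS server-identity rule (RFC 2818 / RFC 6125 style), which the client is assumed to follow. The names `example.com`, `vpn.example.com` and `203.0.113.10` are constructed placeholders.

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one dNSName SAN entry against a hostname.
    A wildcard stands for exactly one whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" never spans more than one label
    if p[0] == "*":
        # Conservative choice in this example: refuse wildcards like "*.com"
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def server_identity_ok(target, san):
    """target: what the user typed into the VPN client (IP or FQDN).
    san: list of (type, value) pairs taken from the certificate's SAN field."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only with iPAddress SAN entries;
        # dNSName entries, wildcard or not, are never considered.
        return any(t == "IP" and ipaddress.ip_address(v) == ip for t, v in san)
    return any(t == "DNS" and _dns_match(v, target) for t, v in san)

# Constructed sample: SAN of a typical wildcard certificate
WILDCARD_SAN = [("DNS", "*.example.com"), ("DNS", "example.com")]

if __name__ == "__main__":
    for target in ("203.0.113.10", "vpn.example.com", "a.vpn.example.com"):
        verdict = "trusted" if server_identity_ok(target, WILDCARD_SAN) else "untrusted"
        print(f"{target:20} -> {verdict}")
```
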

Participant

Thanks. He is making an FQDN for his firewall now. One last question: he received a subordinate cert and an SSL cert from Symantec. Should the SSL cert be installed under the CA Certificates and the subordinate cert in the identity certs where the trustpoint is defined?