cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
236
Views
0
Helpful
4
Replies
Participant

AnyConnect remote site selection

Hello, 

My ASA vpn certificate for client to site vpn expired. I just installed a new one from godaddy.com changing the CN for a new name. CN=oldname to CN=newname.
Every time that I open the cisco annyconnect Secure Mobility Client the "Ready to Connect" dialog box always shows the oldname (attached picture).
Why this is happening, how can I change this to the newname ?

 

Thanks.

3 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Engager

Re: AnyConnect remote site selection

Two reasons why this could be happening:

 

1) You have an Anyconnect profile configured with vpn.mysite.com. The xml profile is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile. You would have to change the Server list entry of profile to the right name:

<ServerList>
<HostEntry>
<HostName>vpn.mysite.com</HostName>
<HostAddress>vpn.mysite.com</HostAddress>
</HostEntry>
</ServerList>

 

2)  You connected previously to the old name and this was cached by AnyConnect. Manually type in new name and connect successfully. From the next attempt onward, the new name will show up.

 

Note that changing your certificate CN does not mean you can connect to the new name. You would have to add a DNS entry for new name pointing to the ASA's outside ip address. 

 

Contributor

Re: AnyConnect remote site selection

From my notes :

 

==AnyConnect Profiles
XML and profile files are stored locally to the users machine. The location varies based on OS.

Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

 

BB

BB
*** Rate All Helpful Responses ***
VIP Engager

Re: AnyConnect remote site selection

For iOS and Android, you would have to manually change it on the app. If you have a profile configured on the ASA to push through the group-policy, update that too. The AnyConnect profile is technically an admin controlled setting. So if you change this locally on the PC or MAC, it will update itself to the ASA profile settings after a connection is established.

4 REPLIES
VIP Engager

Re: AnyConnect remote site selection

Two reasons why this could be happening:

 

1) You have an Anyconnect profile configured with vpn.mysite.com. The xml profile is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile. You would have to change the Server list entry of profile to the right name:

<ServerList>
<HostEntry>
<HostName>vpn.mysite.com</HostName>
<HostAddress>vpn.mysite.com</HostAddress>
</HostEntry>
</ServerList>

 

2)  You connected previously to the old name and this was cached by AnyConnect. Manually type in new name and connect successfully. From the next attempt onward, the new name will show up.

 

Note that changing your certificate CN does not mean you can connect to the new name. You would have to add a DNS entry for new name pointing to the ASA's outside ip address. 

 

Highlighted
Participant

Re: AnyConnect remote site selection

Thanks Rahul for your response.

1. In the case of Apple IOS and Android, how can do that?

2. don't work, after successful connection with the new name, the next time continues showing the old name

Note:  Yes, the new DNS entry was created in the godaddy.com dns

I installed the new CA certificate and the Identity certificate.

 

 

Contributor

Re: AnyConnect remote site selection

From my notes :

 

==AnyConnect Profiles
XML and profile files are stored locally to the users machine. The location varies based on OS.

Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

 

BB

BB
*** Rate All Helpful Responses ***
VIP Engager

Re: AnyConnect remote site selection

For iOS and Android, you would have to manually change it on the app. If you have a profile configured on the ASA to push through the group-policy, update that too. The AnyConnect profile is technically an admin controlled setting. So if you change this locally on the PC or MAC, it will update itself to the ASA profile settings after a connection is established.

CreatePlease to create content
Ask the Expert- Webex Hybrid Services Solutions