Solved: Re: AnyConnect remote site selection

Rafael Jimenez · ‎07-11-2018

Hello,

My ASA vpn certificate for client to site vpn expired. I just installed a new one from godaddy.com changing the CN for a new name. CN=oldname to CN=newname.
Every time that I open the cisco annyconnect Secure Mobility Client the "Ready to Connect" dialog box always shows the oldname (attached picture).
Why this is happening, how can I change this to the newname ?

Thanks.

Rahul Govindan · ‎07-11-2018

Two reasons why this could be happening:

1) You have an Anyconnect profile configured with vpn.mysite.com. The xml profile is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile. You would have to change the Server list entry of profile to the right name:

<ServerList>
<HostEntry>
<HostName>vpn.mysite.com</HostName>
<HostAddress>vpn.mysite.com</HostAddress>
</HostEntry>
</ServerList>

2) You connected previously to the old name and this was cached by AnyConnect. Manually type in new name and connect successfully. From the next attempt onward, the new name will show up.

Note that changing your certificate CN does not mean you can connect to the new name. You would have to add a DNS entry for new name pointing to the ASA's outside ip address.

View solution in original post

balaji.bandi · ‎07-11-2018

From my notes :

==AnyConnect Profiles
XML and profile files are stored locally to the users machine. The location varies based on OS.

Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Rahul Govindan · ‎07-11-2018

For iOS and Android, you would have to manually change it on the app. If you have a profile configured on the ASA to push through the group-policy, update that too. The AnyConnect profile is technically an admin controlled setting. So if you change this locally on the PC or MAC, it will update itself to the ASA profile settings after a connection is established.

View solution in original post

Rahul Govindan · ‎07-11-2018

Two reasons why this could be happening:

1) You have an Anyconnect profile configured with vpn.mysite.com. The xml profile is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile. You would have to change the Server list entry of profile to the right name:

<ServerList>
<HostEntry>
<HostName>vpn.mysite.com</HostName>
<HostAddress>vpn.mysite.com</HostAddress>
</HostEntry>
</ServerList>

2) You connected previously to the old name and this was cached by AnyConnect. Manually type in new name and connect successfully. From the next attempt onward, the new name will show up.

Note that changing your certificate CN does not mean you can connect to the new name. You would have to add a DNS entry for new name pointing to the ASA's outside ip address.

Rafael Jimenez · ‎07-11-2018

Thanks Rahul for your response.

1. In the case of Apple IOS and Android, how can do that?

2. don't work, after successful connection with the new name, the next time continues showing the old name

Note: Yes, the new DNS entry was created in the godaddy.com dns

I installed the new CA certificate and the Identity certificate.

balaji.bandi · ‎07-11-2018

From my notes :

==AnyConnect Profiles
XML and profile files are stored locally to the users machine. The location varies based on OS.

Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rahul Govindan · ‎07-11-2018

For iOS and Android, you would have to manually change it on the app. If you have a profile configured on the ASA to push through the group-policy, update that too. The AnyConnect profile is technically an admin controlled setting. So if you change this locally on the PC or MAC, it will update itself to the ASA profile settings after a connection is established.