
AnyConnect v3.1.0578 and web auth page using default Cisco certs

sayrmatics
Level 1

Hi all

I've just deployed AnyConnect for a customer and am presently running v3.1.0578. I've got the core VPN and NAM modules installed and everything is otherwise OK. However, the customer has recently just notified me that they are unable to connect to the guest wifi at a particular site which is built on Cisco WLC. As far as I can tell, the web auth https page for guests to sign in is using a certain (perhaps default) Cisco cert. NAM shows an IP address has been assigned quite alright but then the web auth page fails to launch. Using the same endpoints on other public hotspots (also with https web auth page) works just fine. Only difference I can tell is that the endpoints have no Cisco root/intermediate certs in their machine stores while the other public web auth pages use certs signed by public CAs.

Is this a known (perhaps documented) feature as I know there are stricter certificate checks in newer versions of AC but I thought those were purely around clients authenticating to the gateway? I got DART bundles taken just after the issue was reproduced and all I can see in the AC events log is a message saying the socket was closed by the OS or a remote peer.

Thanks in advance

Sayre

1 Reply

sayrmatics
Level 1

Went to TAC with this one and upgraded to AC v3.1.06073 and the problem disappeared... apparently an issue with AC detecting a captive portal in certain scenarios, not sure if it is particular to the type of cert used on the captive portal.
