Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
4
Replies

Anyconnect vpn client issue when connecting to multiple gateways.

CyberSecLead
Level 1
Level 1

‎07-02-2013 04:32 AM - edited ‎02-21-2020 07:00 PM

Dear All,

This is regards to Anyconnect SSL VPN.

One of my customer is using the below scenario. He is trying to connect to 2 gateway for vpn access. Gateway 1 (Router) is using anyconnect 3.0 version and Gateway 2 (ASA) is using anyconnect 3.1 version and windows anyconnect client is of version 3.0.

When he is trying to connect to Gateway 1 he is not facing any issues but when he is trying to  connect to Gateway 2, his windows anyconnect client automatically upgrades to 3.1 and prompts with "Untrusted VPN server certificate error" and now again when he tries to connect the same to Gateway 1 he is facing the same "untrusted server issue".  We tried downgrading the "anyconnect client" to 3.0 version on the windows machine  and he is able to connect back to Gateway 1, but the issue is when he try connecting back to Gateway 2, the client upgrades again and unable to connect it.

1) Can we stop anyconnect client on the windows machine to stop auto upgrade ?

2) How to sort out this "certificate error"

Awaiting experts to provide me the solution.

Best Regards.

VR.

Labels:
0 Helpful
4 Replies 4

pankaj29in
Level 1
Level 1

‎07-02-2013 05:10 AM

Hi Vimal,

Check out your exact anyconnect version and follow below link.

https://supportforums.cisco.com/thread/2194121

Regards

Pankaj

0 Helpful

CyberSecLead
Level 1
Level 1
In response to pankaj29in

‎07-02-2013 06:25 AM

Hi Pankaj,

The issue is even if we downgrade to any mentioned version, when tried to contact to gateway2 which has anyconnect 3.1 version (where the gateway is not managed by us), the client automatically upgrades to 3.1 and causes "vpn server certificate error".

Regards / Vimal

0 Helpful

pankaj29in
Level 1
Level 1
In response to CyberSecLead

‎07-02-2013 07:33 AM

In that case upgrade anyconnect pakcage at gatway1.

(router). you can do it ,you just need to Download it from Cisco website.

You can't stop anyconnect to be auto upgrade. If it won't upgrade it won't connect.

0 Helpful

CyberSecLead
Level 1
Level 1
In response to pankaj29in

‎07-02-2013 07:40 AM

Hi Pankaj,

Am on verge on upgrading the gateway1, can you please provide me the steps to configure "server certificate".

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents