Anyconnect 3.0.07059 and ASA 8.2 SBL

nelcnetworks · ‎05-17-2012

I am trying to get anyconnect version 3.0.07059 to run start before logon on windows 7 connecting to an ASA5540 running firmware 8.2.

The anyconnect starts fine, but will not connect. If I login to the laptop then run the anyconnect , same setup it connects fine.

Anybody have any ideas on this or will I have to update my ASA to 8.4?

thanks

Vishnu Sharma · ‎05-17-2012

Hi Nelcnetworks,

I have few questions that I would like to ask you to isolate the issue.

1. On the ASA, do you have any certificate applied to the outside interface. If yes then please let me know if the certificate is generated via local CA server or you purchased it from a third party vendor like Godaddy, Entrust etc.

2. If you have a certificates applied to the ASA's outside interface and the certificate is generated locally, then do you have the same certificate installed on the client machine as well.

I know it works fine when you connect manually by launching the anyconnect client because you get prompt foe the certificate error and you ignore that error message and forces ancyconnect client to connect but when you restart the machine and anyconnect launches itself then you do not get any such prompt and anyconnect will fail connection.

So to make it to work, either purchase a third party certificate and apply it to the outside interface or generate a self signed certificate on the ASA and bind it to the outside interface and import the same certifiacte in the trusted root store of the client machine.

You can see that the client is failing connection is because of the certificate error by going through the dart logs captured on your machine.

Let me knwo if this helps.

Thanks,

Vishnu Sharma

nelcnetworks · ‎05-22-2012

Thanks for that you have pointed me in the right direction I will look into it.