07-31-2024 12:37 AM
Hi
I have a working mobile fleet using AnyConnect Client V4.8.03036 on Windows with the profile below. My understanding is that it's about an IPSEC tunnel with a login/pass authentication using *Microsoft* CHAP.
I'm trying to configure, for the first time, a Linux Ubuntu 24.04 LTS laptop using the same client version and the same profile.xml, and I get the following error:
"The certificate on the secure gateway is invalid. A VPN connection will not be established"
I don't understand why a certificate is involved here or what I should do, but I've tried to clean the Ubuntu certificates using the following command, with no success:
sudo update-ca-certificates --fresh
Could you please help me to solve this?
Thank you
PS: I don't have direct access to the server side, as my company buys this VPN as a service from a telco operator.
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
    <AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>
    <ShowPreConnectMessage>false</ShowPreConnectMessage>
    <CertificateStore>All</CertificateStore>
    <CertificateStoreOverride>false</CertificateStoreOverride>
    <ProxySettings>Native</ProxySettings>
    <AllowLocalProxyConnections>false</AllowLocalProxyConnections>
    <AuthenticationTimeout>12</AuthenticationTimeout>
    <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
    <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
    <LocalLanAccess UserControllable="true">true</LocalLanAccess>
    <ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
    <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
    <AutoReconnect UserControllable="true">true
      <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
    </AutoReconnect>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
    <AutomaticVPNPolicy>true
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
      <AlwaysOn>false
      </AlwaysOn>
    </AutomaticVPNPolicy>
    <PPPExclusion UserControllable="True">Automatic
      <PPPExclusionServerIP UserControllable="True"></PPPExclusionServerIP>
    </PPPExclusion>
    <EnableScripting UserControllable="false">false</EnableScripting>
    <EnableAutomaticServerSelection UserControllable="true">false
      <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
      <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
    </EnableAutomaticServerSelection>
    <RetainVpnOnLogoff>true
      <UserEnforcement>SameUserOnly</UserEnforcement>
    </RetainVpnOnLogoff>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>DAHOST</HostName>
      <HostAddress>adn1.dahost.net</HostAddress>
      <PrimaryProtocol>IPsec
        <StandardAuthenticationOnly>true
          <AuthMethodDuringIKENegotiation>EAP-MSCHAPv2</AuthMethodDuringIKENegotiation>
          <IKEIdentity>DAHOST_3232</IKEIdentity>
        </StandardAuthenticationOnly>
      </PrimaryProtocol>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
07-31-2024 01:48 AM
- FYI: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCua73690
And/or review this list: https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&kw=The%20certificate%20on%20the%20secure%20gateway%20is%20invalid&bt=custV&sb=anfr&prdNam=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20v4.x
Some of the other bug reports may provide extra hints for you.
M.