Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
1
Replies

Anyconnect certificate error on Linux only client

franckra
Level 1
Level 1

‎07-31-2024 12:37 AM

Hi

I have a working mobile fleet using Anyconnect Client V4.8.03036 on Windows with the profile below. My undestanding is that it's about an IPSEC tunnel with a login/pass authentication using *Microsoft* CHAP

I'm trying to configure for the first time an Linux Ubuntu 24.04 LTS laptop using the same version client and the same profile.xml and I get the following error:

"The certificate on the secure gateway is invalid. A VPN connection will not be established"

I don't anderstand why a certificate is involved here and what should I do but I've tried to clean ubuntu certifcate using the following  commande with no success

Sudo update-ca-certificates --fresh

Could you please help me to solve this?

Thank you

PS: I don't have direct access to server side as my company buy this VPN as a service to a telco operator.

 

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
	<ClientInitialization>
		<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
		<AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>
		<ShowPreConnectMessage>false</ShowPreConnectMessage>
		<CertificateStore>All</CertificateStore>
		<CertificateStoreOverride>false</CertificateStoreOverride>
		<ProxySettings>Native</ProxySettings>
		<AllowLocalProxyConnections>false</AllowLocalProxyConnections>
		<AuthenticationTimeout>12</AuthenticationTimeout>
		<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
		<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
		<LocalLanAccess UserControllable="true">true</LocalLanAccess>
		<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
		<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
		<AutoReconnect UserControllable="true">true
			<AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
		</AutoReconnect>
		<AutoUpdate UserControllable="false">true</AutoUpdate>
		<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
		<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
		<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
		<AutomaticVPNPolicy>true
			<TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
			<UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
			<AlwaysOn>false
			</AlwaysOn>
		</AutomaticVPNPolicy>
		<PPPExclusion UserControllable="True">Automatic
			<PPPExclusionServerIP UserControllable="True"></PPPExclusionServerIP>
		</PPPExclusion>
		<EnableScripting UserControllable="false">false</EnableScripting>
		<EnableAutomaticServerSelection UserControllable="true">false
			<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
			<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
		</EnableAutomaticServerSelection>
		<RetainVpnOnLogoff>true
			<UserEnforcement>SameUserOnly</UserEnforcement>
		</RetainVpnOnLogoff>
	</ClientInitialization>
	<ServerList>
		<HostEntry>
			<HostName>DAHOST</HostName>
			<HostAddress>adn1.dahost.net</HostAddress>
			<PrimaryProtocol>IPsec
				<StandardAuthenticationOnly>true
					<AuthMethodDuringIKENegotiation>EAP-MSCHAPv2</AuthMethodDuringIKENegotiation>
					<IKEIdentity>DAHOST_3232</IKEIdentity>
				</StandardAuthenticationOnly>
			</PrimaryProtocol>
		</HostEntry>
	</ServerList>
</AnyConnectProfile>

 

 

Labels:
0 Helpful
1 Reply 1

marce1000
VIP
VIP

‎07-31-2024 01:48 AM

 

                                  - FYIhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCua73690

      And or review this list https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&kw=The%20certificate%20on%20the%20secure%20gateway%20is%20invalid&bt=custV&sb=anfr&prdNam=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20v4.x
                                            some of the other bug reports may provide extra hints for you

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents