07-27-2013 11:48 PM - edited 02-21-2020 07:03 PM
I keep getting this error:
AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.
I can log in to Windows 7, connect using the AnyConnect client and it works fine. But I will log out, launch the AnyConnect client to connect before logging in to Windows and I get the error above. I've read everything I can find and am out of ideas. I've installed the ASA certificate into the Trusted Root store and that took away the untrusted connection message when connecting from
Guides I've looked at:
https://supportforums.cisco.com/thread/2156081
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_anyconnect.html
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
So what am I missing?
Thanks!
07-30-2013 10:11 AM
I am also having this issue with exactly one client on Windows XP. Issue only exists when attempting to SBL. Client version is 3.1.02040.
08-02-2013 09:35 AM
I ended up giving up since I don't have a support contract and can't put a ticket in for help. I ended up turning on the feature to stay logged in when logged out. So I had the users log in to VPN, then log out and log back in. Not ideal but at this point, it's my only option.
08-02-2013 10:06 AM
I opened a TAC case and will update this thread when resolved.
08-02-2013 10:08 AM
Thanks! If they need any additional info, just let me know.
08-22-2013 11:35 AM
The solution in my case was to install the intermediate certificate on the local machine (computer account) in the trusted root store.
11-07-2013 08:45 AM
How did you install the intermediate certificate? We're using a self-generated certificate on the ASA for the anyconnect connections.
01-16-2014 12:59 AM
Open mmc.exe via Run and then add a computer account certificate snap-in. Then you can manage your computer certificates.
After the certificate has been added to your Local Computer Certificate store (note NOT Current User certificate store) you should be fine.
One more thing I noticed is that SBL does not accept IP addresses when connecting to ASA. You must use a domain name. And that domain name must match the subject's CN inside the certificate.
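The steps from the last reply as a script, added here as an example and not posted by anyone in the thread: it puts the certificate in the Local Computer (not Current User) Trusted Root store and checks that the name used for SBL is a host name matching the certificate's CN. `$CertPath`, `$GatewayName` and the function name `Test-SblGatewayName` are placeholders chosen for illustration; run it from an elevated prompt.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the thread.
param(
    [string]$CertPath    = 'C:\temp\asa-gateway.cer',  # exported ASA or intermediate certificate
    [string]$GatewayName = 'vpn.example.com'           # name AnyConnect is told to connect to
)

function Test-SblGatewayName {
    param($Cert, [string]$Name)
    # An IP literal is rejected outright, as described for SBL in the thread.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Name, [ref]$ip)) { return $false }
    # SimpleName is normally the subject CN; -eq compares strings case-insensitively.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Cert.GetNameInfo($nameType, $false)
    return ($cn -eq $Name)
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)

# 'Root' + 'LocalMachine' is the computer account's Trusted Root store,
# the one visible to the client before any user has logged on.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $store.Add($cert)
    $findType = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
    $installed = $store.Certificates.Find($findType, $cert.Thumbprint, $false).Count -gt 0
} finally {
    $store.Close()
}

# Report what was installed and whether the connect name will match it.
New-Object PSObject -Property @{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    InMachineRoot = $installed
    NameMatchesCN = (Test-SblGatewayName -Cert $cert -Name $GatewayName)
}
```

If `NameMatchesCN` is False, either the connection entry uses an IP address or the certificate was issued for a different name than the one the client connects to.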