07-11-2018 03:21 PM - edited 03-12-2019 05:27 AM
Hello,
My ASA VPN certificate for client-to-site VPN expired. I just installed a new one from godaddy.com, changing the CN to a new name: CN=oldname to CN=newname.
Every time that I open the Cisco AnyConnect Secure Mobility Client, the "Ready to Connect" dialog box always shows the oldname (attached picture).
Why is this happening, and how can I change this to the newname?
Thanks.
07-11-2018 03:29 PM
Two reasons why this could be happening:
1) You have an AnyConnect profile configured with vpn.mysite.com. The XML profile is located at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile. You would have to change the server list entry of the profile to the right name:
    <ServerList>
        <HostEntry>
            <HostName>vpn.mysite.com</HostName>
            <HostAddress>vpn.mysite.com</HostAddress>
        </HostEntry>
    </ServerList>
2) You connected previously to the old name and this was cached by AnyConnect. Manually type in the new name and connect successfully. From the next attempt onward, the new name will show up.
Note that changing your certificate CN does not mean you can connect to the new name. You would have to add a DNS entry for the new name pointing to the ASA's outside IP address.
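A check an administrator could run after changing the certificate name, as an added example that is not part of the original thread: it parses an AnyConnect profile's ServerList and reports entries whose connect target the new certificate does not cover. The sample profile, the example.com names and the function names are constructed for illustration, and it assumes the client connects to HostAddress when present and to HostName otherwise.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile: the first entry still points at the old name.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>Head office VPN</HostName>
      <HostAddress>oldname.example.com</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>newname.example.com</HostName>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

def local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def cert_covers(host, cert_names):
    """True if host matches a certificate name; '*' covers one leftmost label only."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def stale_entries(profile_xml, cert_names):
    """Return (display name, connect target) for each HostEntry the certificate does not cover."""
    stale = []
    for entry in ET.fromstring(profile_xml).iter():
        if local(entry.tag) != "HostEntry":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in entry}
        # Assumption: HostAddress is the connect target when present, else HostName.
        target = fields.get("HostAddress") or fields.get("HostName", "")
        if not cert_covers(target, cert_names):
            stale.append((fields.get("HostName", ""), target))
    return stale

if __name__ == "__main__":
    for display, target in stale_entries(SAMPLE_PROFILE, ["newname.example.com"]):
        print(f"profile entry {display!r} connects to {target!r}, not covered by the certificate")
```

Run it against both the local profile file and the profile configured on the ASA, since the thread notes that the ASA copy replaces local edits after a connection.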
07-11-2018 03:34 PM - edited 07-11-2018 03:36 PM
Thanks, Rahul, for your response.
1. In the case of Apple iOS and Android, how can I do that?
2. Doesn't work: after a successful connection with the new name, the next time it continues showing the old name.
Note: Yes, the new DNS entry was created in the godaddy.com DNS.
I installed the new CA certificate and the identity certificate.
07-11-2018 05:12 PM
From my notes:
==AnyConnect Profiles
XML and profile files are stored locally on the user's machine. The location varies based on OS.
Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Mac OS X
/opt/cisco/anyconnect/profile
Linux
/opt/cisco/anyconnect/profile
BB
07-11-2018 05:26 PM
For iOS and Android, you would have to manually change it in the app. If you have a profile configured on the ASA to push through the group-policy, update that too. The AnyConnect profile is technically an admin-controlled setting, so if you change this locally on the PC or Mac, it will update itself to the ASA profile settings after a connection is established.