Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1147
Views
0
Helpful
2
Replies

anyconnect secure mobility client support for server name indication

ippolito
Level 1
Level 1

‎05-09-2016 09:24 AM - edited ‎02-21-2020 08:48 PM

Hi,

I'm trying to configure an ASA running 9.5.2.2 to use SNI (server name indication), so that I can have multiple certs on it.

It works if I connect to the device in the browser, but I get a certificate mismatch error with the Cisco AnyConnect Secure Mobility Client v4.2.01022.

I see this link indicating that SNI was submitted as an enhancement request prior to Anyconnect Client v3.1, but I'm wondering if it was ever implemented.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue35947/?referring_site=bugquickviewclick

Thanks in advance,

Mike

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎05-09-2016 02:25 PM

When looking at a wireshark dump of an AnyConnect 4.2.03013 under MacOS and 4.2.01022 under Win 8.1 connection attempt, there is no SNI-extention visible. Doesn't seem to be implemented yet.

0 Helpful

ippolito
Level 1
Level 1
In response to Karsten Iwen

‎05-10-2016 07:33 AM

Thanks for confirming. Is there a Cisco rep listening in that can tell me if it's on the radar for a future release?

Thanks,

Mike

0 Helpful
Customers Also Viewed These Support Documents