Re: Anyconnect Security Issue's

ahteshamsoofi · ‎05-06-2010

Hello Fellaws,

This is my first post and I hope you guys would not dissapoint me .

Issue: I have recently deployed Cisco Anyconnect everything was working fine until I realised that " I am only able to establish a VPN connection
thru Cisco Anyconect when I have the adnmin previlages( local / domain) . In order for a normal user to establish a connection i need to first give the user the local admin rights, establish a connection . restart the computer and then remove the user's local admin privilages and from there on the user can establish the connection without any issue.

-> ASA version 8.0(3)
-> Cisco Anyconnect version : 2.4
-> ASDM version 6.0(3)
-> OS : XP prof
-> Machine certificate are been used for authentication.

Thanks for ur help in advance.

jan.nielsen · ‎05-06-2010

When you say you can only "establish" a connection when you are local admin, are you talking about the client not starting, or not being able t

o authenticate with the ASA ?

There was a bug in AnyConnect where it could not access the machine certificate when the user wasn't local admin, but it was fixed in a new 2.4 release. did you specify using machine store in your anyconnect profile.xml file ?

ahteshamsoofi · ‎05-07-2010

Following is the process

1> The error message I am getting is Unable to process the response from " IP ADDRESS"

2> Then I get the the certificate pop up where it says

" The page requires a secure connection which inlcued serve authentication......"

Then the usuallly options yes , no, cancel and view.

3. If i click on yes it says

The cisco anyconnect box right at the bottom says " your client certificate will be used to authenticate "

4. And when I hit the Connect button on the same screen ( box ) it just stays there .