06-02-2010 01:41 AM - edited 02-21-2020 04:40 PM
ASA5510 with ASDM6.3
AnyConnect is working fine. We already had a certificate for our external IP address, so we specified AnyConnect to use a different port and bought a certificate for that.
I've created an XML profile to be pushed to the clients. The problem is that it will not accept or push the port specified, so when the client connects it connects to x.x.x.x and therefore gets the wrong certificate instead of connecting to x.x.x.x:442.
If I disable the profile and write x.x.x.x:442 manually in the client, it works and I get the right certificate and it connects.
What can I do to make the client read the XML file with a port?
XML file:
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
    <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
    <ShowPreConnectMessage>false</ShowPreConnectMessage>
    <CertificateStore>All</CertificateStore>
    <CertificateStoreOverride>false</CertificateStoreOverride>
    <ProxySettings>Native</ProxySettings>
    <AutoConnectOnStart UserControllable="true">true</AutoConnectOnStart>
    <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
    <LocalLanAccess UserControllable="true">false</LocalLanAccess>
    <AutoReconnect UserControllable="false">true
      <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
    </AutoReconnect>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
    <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
    <PPPExclusion UserControllable="false">Disable
      <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
    </PPPExclusion>
    <EnableScripting UserControllable="false">false</EnableScripting>
    <BackupServerList>
    </BackupServerList>
    <EnableAutomaticServerSelection UserControllable="true">false
      <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
      <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
    </EnableAutomaticServerSelection>
    <RetainVpnOnLogoff>false
    </RetainVpnOnLogoff>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Ardo</HostName>
      <HostAddress>X.X.X.X:442</HostAddress>
      <UserGroup>SSL_Users</UserGroup>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
06-02-2010 11:22 PM
Hmm, funny..
I've tested this:
When I test this it lets me know that 1.0.0.0 doesn't work, but it will try x.x.x.x:442... and then it connects!
Now why doesn't it use the port when I do this!? :