Cisco AnyConnect issue

andy.hockett
Level 1

Users are getting a Certificate validation error when trying to connect to VPN through the Cisco AnyConnect client. We have them delete the profiles folder in the C: drive and they can connect fine. They could delete the folder every time but the users would get frustrated. All of these users have the correct cert, but it's been a growing issue.

5 Replies

Nelson Rodrigues
Cisco Employee

Hi Charles, a couple of questions to understand your environment.

What versions of ASA and AnyConnect client is this occurring on?

What OS platforms do you see the problem with?

Did cert-authentication ever work, or is this a random problem?

Thx,

Nelson

Hi Nelson,

ASA 5520

AnyConnect version 2.4

OS platforms are XP and 7

Yes the cert auth did work, then after a disconnect they get the certificate validation error.

Hope this helps!

Charles,

Assuming the certs are still valid, what changed in your environment?

Did the ASA version change from the time it was working and now?

BTW, what version of ASA are you using on the ASA 5520?

Do a "show version" on the CLI or check the ASDM Home panel to determine the version.

Yeah, the certs are still valid; when we delete the profile folder from their PC they connect fine.

Nothing has changed config wise either.

ASA ver is 8.2(2)

ASDM ver 6.2(5)

Charles, this needs to be debugged further to diagnose the problem.

Looking at AnyConnect (AC) 2.5.x and even 3.x Release Notes, there are some bug fixes for certificates in there.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/release/notes/anyconnect25rn.html#wp1174092

If you are willing to do some testing yourself on a problematic PC, you could try to get a new AnyConnect (AC) 2.5.x on a PC to see if the issue goes away.

If the above is not possible, then I recommend you open a TAC case and attach the DART and, if possible, a Wireshark trace on the PC for the AC connection attempt.

DART is the Diagnostic AnyConnect Reporting Tool and its installation/use is explained here http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac08managemonitortbs.html#wp1055965

BR,

Nelson