Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3181
Views
0
Helpful
5
Replies

Cisco AnyConnect issue

andy.hockett
Level 1
Level 1

‎06-28-2011 11:16 AM - edited ‎02-21-2020 05:25 PM

Users are getting a Certificate validation error when trying to connect to vpn through the Cisco anyconnect client. We have them delete the profiles folder in the c: drive and they can connect fine. They could delete the folder everytime but the users would get frustrated. All of these users have the  correct cert, but it's been a growing issue.

Labels:
0 Helpful
5 Replies 5

Nelson Rodrigues
Cisco Employee
Cisco Employee

‎06-29-2011 07:14 AM

HI Charles, a coupl of questions to understand your environement.

What versions of ASA and AnyConnect client is this occurring on?

What OS plaforms do you see the problem with?

Did  cert-authentication ever work, or is this a random problem?

Thx,

Nelson

0 Helpful

andy.hockett
Level 1
Level 1
In response to Nelson Rodrigues

‎06-29-2011 09:23 AM

Hi Nelson,

asa 5520

anyconnect version 2.4

OS platforms is XP and 7

Yes the cert auth did work, then after a disconnect they get the certificate validation error.

Hope this helps!

0 Helpful

Nelson Rodrigues
Cisco Employee
Cisco Employee
In response to andy.hockett

‎06-29-2011 10:42 AM

Charles,

Assuming the certs are still valid, what changed in your environment ?

Did the ASA version change from the time it was working and now?

BTW, what version of ASA are you using on the ASA 5520?

Do  a "show version " on CLI or check the  ASDM Home panel to determine the version.

0 Helpful

andy.hockett
Level 1
Level 1
In response to Nelson Rodrigues

‎06-29-2011 11:14 AM

Yeah the certs are still valid, when we delete the profile folder from there pc they connect fine.

Nothing has changed config wise either.

ASA ver is 8.2(2)

ADSM ver 6.2(5)

0 Helpful

Nelson Rodrigues
Cisco Employee
Cisco Employee
In response to andy.hockett

‎06-30-2011 08:24 AM

Charles, thi sneeds to be debugged further to diagnose the problem.

Looking At AnyConnect (AC) 2.5.x and even 3.x Release Notes, there are some bug fixes for certifcates in there.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/release/notes/anyconnect25rn.html#wp1174092

If you are willing to do some testing yourself  on a problematic PC, you could try to get a new AnyConnect (AC) 2.5.x on a PC to see if the issue goes away. 

If  the above  is not possible then I recommend you open a TAC case and attach the DART and if possible wireshark trace on the PC for the AC connection attempt .

DART is the Diagnostic AnyConnect Reporting Tool and its installation/use is explained here http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac08managemonitortbs.html#wp1055965

BR,

Nelson

0 Helpful
Customers Also Viewed These Support Documents