
Cisco AnyConnect Secure Mobility Client issue

abhdivak
Level 1

Hello All,

I installed Cisco AnyConnect Secure Mobility Client on my laptop, which is running Windows 10. But it is not working and is throwing the following error:

"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." I also got one more error before trying to connect the first time: "The name of the site does not match the name of the certificate, do you want to continue."

This is the first time I am trying to do this, and please help me to figure out the exact problem.

Regards,

Abhijith

2 Replies

David Castro F.
Spotlight

Hello Abhijith,

It seems that you are using a self-signed cert, and the name used to trigger the connection does not match the one in the cert.

By default, the self-signed certificate currently on the ASA gets installed under the "Other People" folder in the User Certificate Store. In order to get the AnyConnect to connect before login (this is not an issue when you connect after login), try moving it to the "Trusted Root Authority" in the Machine Certificate Store.

Also, pay attention to the usage of the "Hostname" and "Host Address" fields in the server list (XML profile):

1. If you specify only the Hostname field, and not the Host Address field, then the entry of the Hostname field will be compared with the certificate subject and they need to match.

2. If you specify both the Hostname field and the Host Address field, then the entry of the Host Address field will be compared with the certificate subject and they need to match.

  1. Symptom: AnyConnect fails to connect. The user receives "Unable to process response from x.x.x.x" and then "AnyConnect cannot confirm, it is connected to your security gateway. The local network may not be trustworthy. Please try another network."

    Resolution:
    a. Check the certificates, that's usually where the problem is in such cases

 

  1. Resolution: You must have a host defined in the XML profile:

        <ServerList>
            <HostEntry>
                <HostName>asa.cisco.com</HostName>
                <HostAddress>1.1.1.1</HostAddress>
            </HostEntry>
        </ServerList>

Please proceed to rate and mark as correct the helpful post!

Let me know if you have any doubts,

David Castro,

I tried the steps below but I still get the error while logging in from SBL. After Windows logon it works fine. When I tested from the browser I don't get a certificate warning, but only during SBL I get the error.

I created a self-signed certificate with my URL access, e.g. vpn.xxxx.com, and configured the hostname in the XML.

Can you please help me?
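
An added example, not part of the thread and not Cisco's code: a small Python check that applies the Hostname / Host Address rule from the first reply to a profile's server list and reports entries whose compared value is not among the certificate's names. The profile, the certificate names and the function names are constructed for illustration, and the name matching (exact match plus a left-most `*.` wildcard) is an assumption, not AnyConnect's own logic.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile; the second entry reuses the thread's example values.
PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry><HostName>vpn.example.com</HostName></HostEntry>
    <HostEntry>
      <HostName>asa.cisco.com</HostName>
      <HostAddress>1.1.1.1</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

def local(tag):
    """Drop an XML namespace prefix such as '{uri}HostName'."""
    return tag.rsplit("}", 1)[-1]

def compared_names(profile_xml):
    """Return (HostName, value compared with the cert) for each HostEntry."""
    out = []
    for el in ET.fromstring(profile_xml).iter():
        if local(el.tag) != "HostEntry":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in el}
        # Rule from the reply: Host Address, when present, is what gets compared.
        out.append((f.get("HostName", ""), f.get("HostAddress") or f.get("HostName", "")))
    return out

def name_matches(name, cert_name):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    name, cert_name = name.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in name and name.split(".", 1)[1] == cert_name[2:]
    return name == cert_name

def audit(profile_xml, cert_names):
    """List entries whose compared value matches none of the cert's names."""
    return [(host, cmp) for host, cmp in compared_names(profile_xml)
            if not any(name_matches(cmp, n) for n in cert_names)]

if __name__ == "__main__":
    # Constructed certificate names (subject CN / SAN values).
    for host, cmp in audit(PROFILE, ["vpn.example.com"]):
        print(f"{host}: '{cmp}' is not in the certificate")
```

With the constructed data, the second entry is flagged because its Host Address `1.1.1.1` is the value compared, and the certificate only names `vpn.example.com`.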