05-21-2016 12:42 AM - edited 02-21-2020 08:49 PM
Hello All,
I installed Cisco AnyConnect Secure Mobility Client on my laptop which is running with windows 10. But it is not working and throwing following error,
"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network." and i got one more error, before try connecting first time " The name of the site does not math the name of the certificate, do you want ot continue. ".
This is the first time i am trying to do this, and please help me to figure out the exact problem.
Regards,
Abhijith
05-21-2016 10:43 AM
hello Abhijith,
It seems that you are using a self signed cert, and the name used to trigger the connection does not match the one in the cert.
By default, the self-signed certificate currently on the ASA gets installed under the "Other People" folder in the User Certificate Store. In order to get the AnyConnect to connect before login (this is not an issue when you connect after login), try moving it to the "Trusted Root Authority" in the Machine Certificate Store.
Also, pay attention to the usage of the "Hostname" and "Host Address" fields in the server list(XML profile):
1. If you specify only the Hostname field, and not the Host Address field, then the entry of the Hostname field will be compared with the certificate subject and they need to match.
2. If you specify both the Hostname field and the Host Address field, then the entry of the Host Address field will compared with the certificate subject and they need to match.
<ServerList>
<HostEntry>
<HostName>asa.cisco.com</HostName>
<HostAddress>1.1.1.1</HostAddress>
</HostEntry>
</ServerList>
Please proceed to rate and mark as correct the helpful post!
Let me know if you have any doubts,
David Castro,
04-23-2020 12:02 AM
I tried below steps but still I get the error while logging in from SBL, After windows logon it works fine. When I tested from browser I dont get certificate warning but only during SBL I get error.
I created self signed certificate with my URL access e.g vpn.xxxx.com and configured the hostname in xml.
Can you please help me
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide