cisco anyconnect untrusted vpn server blocked

S.mooney12 · ‎08-13-2018

Hi all

The issue has begun to affect our VPN remote access connections but only for particular users. any thoughts?

VPN_PIC (002).PNG

Alex Pfeil · ‎08-13-2018

One easy fix is to change the AnyConnect preferences on the AnyConnect client. There is only one checkbox regarding certificates. That way they can connect without having an issue.

The second solution would be to install the intermediate certificate authority on their boxes, as well as make sure they are going to the hostname of the certificate.

example: vpn.example.com

S.mooney12 · ‎08-13-2018

Hi there, have tris this however still failiing.

Alex Pfeil · ‎08-13-2018

1. Verify hostname on certificate is the same hostname configured on the ASA.
2. Verify the certificate date is valid.
3. Verify the intermediate and root certificate are installed on ASA.
4. Verify the intermediate and root certificate are installed on client.
5. Verify that the certificates show up as valid on the client.
6. Upgrade AnyConnect client.
7. You could delete certificates on client and re-install them. In small case, I have seen them get corrupted.

S.mooney12 · ‎08-13-2018

Hi Alex

check what you suggested and everything seems fine, as far as a most users are aware the VPN was working Friday. As far as I'm aware there have been no changes over the weekend.

Aphea · ‎08-13-2018

Dear S.mooney12,

According to your mention, I would suggest you to test your SSL Cerfitication Configuration with this link.

https://www.ssllabs.com/ssltest/index.html

you will see whether you have implemented correctly, or facing issue at the screenshot.

Best

Aphea

S.mooney12 · ‎08-14-2018

Thanks