09-22-2010 01:59 PM - edited 02-21-2020 04:52 PM
Hello,
Environment Details:
OS - Ubuntu 9 64 bit
AnyConnect 2.5 64 bit.
When attempting to connect to a site that uses a self signed certificate AnyConnect displays :
"AnyConnect cannot confirm it is connected to your secure gateway"
I noticed in the release notes it mentioned this error is caused when strict mode is enabled. Does strict mode need to be disable? If so, how? I'm able to connect in a Windows 7 environment, but a dialog does display asking if I want to trust the untrusted source. Any ideas?
Thanks,
Steve
09-22-2010 04:15 PM
Steve,
I'm not an expert on this matter but I can have a look.
Can you show me "show tech" from headend and make an strace with a failing connection?
Marcin
09-23-2010 06:45 AM
I'm don't have access to the server. It looks like you are asking for output from the server process. Right? I did point the administration staff to this thread. Hopefully we'll be able to get you the requested info. In the meantime, I tried executing from the command line and came up with a slightly different error.
./vpn connect XXX.XXX.XXX.XXX
Cisco AnyConnect VPN Client (version 2.5.1025) .
Copyright (c) 2004 - 2010 Cisco Systems, Inc.
All Rights Reserved.
>> state: Disconnected
>> warning: No profile is available. Please enter host to "Connect to".
>> notice: VPN Service is available.
>> registered with local VPN subsystem.
>> state: Disconnected
>> notice: VPN Service is available.
VPN> >> contacting host (XXX.XXX.XXX.XXX) for login information...
>> notice: Contacting XXX.XXX.XXX.XXX.
VPN>
>> Please enter your username and password.
Username: [xxxxxx]
Password:
>> state: Connecting
>> notice: Establishing VPN session...
>> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.
>> notice: Connection attempt has failed.
>> state: Disconnected
09-23-2010 07:03 AM
Steve,
Strace is local on unix.
Try:
strace ./vpn connect XXX.XXX.XXX.XXX
Marcin
09-23-2010 08:08 AM
09-23-2010 09:02 AM
Steve,
Are you sure that linux Anyconnect package is available on the ASA?
I see this in strace:
" >> error: The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again."
Could be also related to:
Marcin
09-23-2010 09:11 AM
More info... When connecting via a Windows 7 client, a dialog displayed stating the connection attempt was to an untrusted source. Diving deeper into the dialog allowed importing the certificate into a keystore. I'm wondering if I could import that certificate on the Linux side. If so, do you know where the keystore used by the Linux version is located?
09-23-2010 09:27 AM
Steve,
Anyconnect on linux will use Firefox's certificate store.
Marcin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide