11-28-2018 07:39 PM - edited 11-28-2018 08:02 PM
I configured FlexVPN AnyConnect-EAP following this guide:
FlexVPN: AnyConnect IKEv2 Remote Access with AnyConnect-EAP
I did the configuration on 3 ASR 1001 routers running IOS XE 3.16S.
I enabled BypassDownloader and disabled Captive Portal Detection in the profile and AnyConnectLocalPolicy.xml. But when I try to connect with the AnyConnect Secure Mobility Client, Router 1 is OK, but Router 2 and Router 3 have a problem: "The certificate on the secured gateway is invalid. A VPN connection will not be established"
I debugged on 2 routers and the configuration is not the problem, but the client tried to connect to the router through HTTP and HTTPS (Router 1 does not see that):
4534 97.712816 192.168.1.21 10.10.10.21 TCP 66 [TCP Out-Of-Order] 50548 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1260 WS=4 SACK_PERM=1
Any help would be appreciated.
Thanks,
Phan
11-29-2018 09:42 AM
11-29-2018 06:43 PM - edited 11-29-2018 07:07 PM
Hi RJI, thanks for the reply,
I used my colleague's account for this discussion. This is my account.
On all routers I ran the commands as you said. I created the CA server on my router and the trustpoint, and I ran the commands crypto pki authentication trustpoint and crypto pki enrol trustpoint. It's OK. I thought that my CA server and trustpoint had a problem, so I did it again and again. I think there is no problem with the CA because you can see in the IKEv2 debug file that it passed. After IKEv2 is done, the client tries to connect to the router over HTTPS and HTTP, the same as when I enable Captive Portal Detection in the profile. I guessed I had a problem with multiple profiles and the AnyConnect policy on the client not taking effect. But I tested on a mobile device and another PC, and it's still there.
Phan.