I'm trying to set up "Start before logon" with the latest anyconnect mobile security client.
If I'm trying to connect to the vpn (ASA 5512) before logging in on the client I get the following error message:
"Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network."
The connection works fine when I connect after logging into the client.
What I tried to do:
- Issued several self-signed certificates with my server domain, my asa hostname.domain, my external ip on the asa. No luck.
- Tried to change the client profile setting to "connect" for both trusted and untrusted networks (Automatic VPN Policy). No luck.
I ran out of ideas. I'm probably missing something very basic and simple, but what? Thanks in advance!
I double-click the .p12, choose "Computer", enter the password and afterwards I choose "Trusted Root Certification Authorities". I have four certificates now showing up in mmc (vamos-buero.de, ciscoasa.vamos-buero.de, 81.x.x.x and 192.168.2.45 (which is the ASAs internal IP). It seems they are ignored somehow.
I just tried to recreate the certificates and reimport them on a different client machine. Still no luck, I ran out of ideas. Are there any other suggestions? Is it theoretically possible to disable the check? Would a new dart-file help in finding a solution?