Local network not trustworthy

Hello,

I'm trying to set up "Start before logon" with the latest AnyConnect mobile security client.

If I'm trying to connect to the VPN (ASA 5512) before logging in on the client, I get the following error message:

"Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network."

The connection works fine when I connect after logging into the client. 

What I tried to do:

- Issued several self-signed certificates with my server domain, my ASA hostname.domain, my external IP on the ASA. No luck.

- Tried to change the client profile setting to "connect" for both trusted and untrusted networks (Automatic VPN Policy). No luck.

I ran out of ideas. I'm probably missing something very basic and simple, but what? Thanks in advance!

18 REPLIES 18

I double-click the .p12, choose "Computer", enter the password and afterwards I choose "Trusted Root Certification Authorities". I have four certificates now showing up in mmc (vamos-buero.de, ciscoasa.vamos-buero.de, 81.x.x.x and 192.168.2.45, which is the ASA's internal IP). It seems they are ignored somehow.

I just tried to recreate the certificates and reimport them on a different client machine. Still no luck, I ran out of ideas. Are there any other suggestions? Is it theoretically possible to disable the check? Would a new DART file help in finding a solution?

I know this is a 2-year-old thread, but I had the exact same problem and the only fix for me was to use a CA SSL cert rather than a self-signed cert.

I also had the same fate. The VPN server certificate needs to be TRUSTED by the connecting client.
This is probably due to the fact that if you connect AFTER logon there's that untrusted certificate pop-up "Connect Anyway" and it works, while if you attempt to connect BEFORE logon the same pop-up cannot be shown and hence the generic error.