Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
49586
Views
5
Helpful
18
Replies

Local network not trustworthy

vamos_fernholz
Level 1
Level 1

‎09-12-2016 03:25 AM

Hello,

I'm trying to set up "Start before logon" with the latest anyconnect mobile security client.

If I'm trying to connect to the vpn (ASA 5512) before logging in on the client I get the following error message:

"Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network."

The connection works fine when I connect after logging into the client. 

What I tried to do:

- Issued several self-signed certificates with my server domain, my asa hostname.domain, my external ip on the asa. No luck.

- Tried to change the client profile setting to "connect" for both trusted and untrusted networks (Automatic VPN Policy). No luck.

I ran out of ideas. I'm probably missing something very basic and simple, but what? Thanks in advance!

8 people had this problem
Labels:
0 Helpful
18 Replies 18

vamos_fernholz
Level 1
Level 1
In response to pjain2

‎09-15-2016 06:13 AM

I double-click the .p12, choose "Computer", enter the password and afterwards I choose "Trusted Root Certification Authorities". I have four certificates now showing up in mmc (vamos-buero.de, ciscoasa.vamos-buero.de, 81.x.x.x and 192.168.2.45 (which is the ASAs internal IP). It seems they are ignored somehow.

0 Helpful

vamos_fernholz
Level 1
Level 1
In response to vamos_fernholz

‎09-26-2016 12:40 AM

I just tried to recreate the certificates and reimport them on a different client machine. Still no luck, I ran out of ideas. Are there any other suggestions? Is it theoretically possible to disable the check? Would a new dart-file help in finding a solution?

0 Helpful

peat
Level 1
Level 1
In response to vamos_fernholz

‎10-30-2018 02:37 AM

I know this is a 2 year old thread but I had the exact same problem and the only fix for me was to use a CA SSL cert rather than a self-signed cert.

Florin Barhala
Level 6
Level 6
In response to peat

‎07-21-2020 12:22 AM

I also had the same faith. The VPN server certificate needs to be TRUSTED by the connecting client.
This is probably due to the fact that if you connect AFTER logon there's that untrusted certificate pop-up "Connect Anyway" and it works, while if you attempt to connect BEFORE logon the same pop-up cannot be shown and hence the generic error.
0 Helpful
Customers Also Viewed These Support Documents