01-23-2012 12:38 PM
Hi All,
We have just started moving over to Client SSL VPN Connections. We have this working really well and all our users are able to connect using the AnyConnect client and we are happy it is setup the way we want it.
We decided we would now go to the next step and start using SBL. Looking at the basics, it seemed a simple enought process.
All our clients are Windows 7 with a few XP machines dotted around. Everything is 32-bit.
We did a bit of research and read a lot of the Cisco documentation and decided to give it a try. We went through thr steps and configured the ASA to enable SBL (vpngina, client profile etc). We then picked a handful of machines to test it on. We connected to the ASA via AnyConnect client and sure enough SBL had been installed.
Now the trouble starts. When you turn the machine on we get the VPN logn prompt but when you select the host, it just says connection to host failed. If we bypass the SBL screen and logon normally, we can still use AnyConnect client perfectly. Looking in the Event Viewer, all we can see of any significance is
CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL
We do not use certificates. Do I assume that SBL cannot function unless you purchase a trusted certificate or is this message a red herring, or is there a workaround?
Many thanks in advance.
01-25-2012 12:56 AM
The solution to this for anyone that's interested was to create a self-signed certificate on the ASA and then install it into the Laptop's Machine Trusted Roots store.
It would be nice for Cisco to document this. SBL will not work without a trusted certificate although the Cisco VPN Client does. I have not seen this mentioned in any of the Cisco documentation I have read.
05-18-2012 08:00 AM
is it really resolved the problem ?
i created asa self-signed certificate and export it,
then install to my client's PC trusted roots store
anyway, SBL still not working
it still show "connection attempt failed"
anyone could help me
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide