09-03-2013 10:34 AM
Hi
I have an ASA5510 in failover. After a reload, a message "Untrusted VPN Server Blocked" appears after the first attempt to connect to the VPN. If we uncheck "Block connections to untrusted servers" in the preference settings, the profile is updated and the connection is successful.
If I disconnect the VPN and try again, another profile appears.
I tried this step for another link, but the result is the same for me.
Try the following steps,
1. Click on Anyconnect Client profile
2. Edit Anyconnect_Group profile
3. Edit Server list
4. Add or edit the hostname (you will see an IP address; however, your cert is for the URL address, so you have to add it, or delete the IP address and keep the URL)
5. Host display: Remote.example.com and FQDN: Remote.example.com
** Your cert that you applied for the interface must match the URL, otherwise it won't work. So you can make your cert (( *.example.com )) and it should match any URL you give.
Does anyone know what could be the cause of this problem?
Regards
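The name check behind steps 4 and 5 above, as an added example that is not part of the original posts and is not AnyConnect's own code: a simplified form of standard TLS host name matching, showing why a server-list entry that is an IP address fails against a certificate issued to a DNS name or wildcard. The certificate names, host entries and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: names on the certificate bound to the VPN interface,
# and host entries as they might appear in a client profile server list.
CERT_DNS_NAMES = ["*.example.com"]
PROFILE_HOSTS = ["203.0.113.10", "Remote.example.com", "vpn.corp.example.com"]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Compare one certificate DNS name with the host the client connects to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, above a two-label domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_host(host, dns_names, ip_sans=()):
    """Return (ok, reason) for one server-list host against the certificate."""
    if is_ip(host):
        addr = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(ip) == addr for ip in ip_sans):
            return True, "matched IP SAN"
        return False, "host is an IP address; DNS names never match an IP"
    for name in dns_names:
        if name_matches(name, host):
            return True, "matched " + name
    return False, "no certificate name covers this host"

def audit(hosts, dns_names, ip_sans=()):
    return {host: check_host(host, dns_names, ip_sans) for host in hosts}

if __name__ == "__main__":
    for host, (ok, reason) in audit(PROFILE_HOSTS, CERT_DNS_NAMES).items():
        print(("OK   " if ok else "FAIL ") + host + ": " + reason)
```

Note that the wildcard covers Remote.example.com but not a deeper name such as vpn.corp.example.com, and not the bare domain.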
09-07-2013 01:24 AM
Ricardo,
it sounds like you don't have a certificate installed on the ASA, so the ASA uses a non-persistent self-signed certificate.
This doc explains how to create a persistent self-signed certificate:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Better still would be to purchase a 'real' certificate from a 3rd party CA, the doc below has more details on how to do this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml
hth
Herbert
09-12-2013 02:14 PM
Thanks Herbert, the certificate was reinstalled and now it is OK.
Regards
06-16-2016 07:40 AM
Dear Herbert,
I have the same problem, but we bought a cert from GoDaddy. My problem is the message in AnyConnect. The certificate is already installed, but the message persists on the client.
06-16-2016 07:55 AM
Hi,
first of all can you please check the second document that I mentioned, and double-check steps 11 and 12, and maybe use the "Verify" section to double-check that everything is configured correctly.
If you still have a problem, please either open a TAC case (if you have a support contract) or post the results of the commands in the "Verify" section here (but please make sure to obscure any sensitive data in the output).
hth
Herbert
06-16-2016 09:15 AM
Dear Herbert,
Another engineer tells me that Cisco AnyConnect keeps the last cert. How do we change this cert? The client doesn't recognise the new cert until a new one is installed.
Best Regards,
FA.
11-25-2019 06:05 AM
In ASDM go to Configuration->Advanced->SSL Settings. Make sure there is a third-party signed certificate applied under the interface that is used for your VPN clients to connect to (your outside public interface). I recently changed ISPs and forgot to apply that setting. Some users got the error, others did not.