I have an ASA5510 in failover, after a reload, a message "Untrusted VPN Server Blocked" appears after the first attempt to connect to the VPN, if we uncheck the "Block connections to untrusted servers" in preference settings the profile is updated and the connection is successful.
If I disconnect the VPN and try again it appears another profile.
I try this step for another link, but the result is the same for me
Try the following steps,
1. Click on Anyconnect Client profile
2. Edit Anyconnect_Group profile
3. Edit Server list
4. Add or Edit the hostname (You will see IP address, however, your cert is URL address ) So you have to add it or delete the IP address and keep URL )
5. Host display: Remote.exmaple.com and FQDN: Remote.example.com
** Your cert that you applied for the interface must match the URL otherwise it won't work. So you can make your Cert
(( *.example.com )) and it should match any URL you give
Does anyone knows what could be the cause of this problem?
it sounds like you don't have a certificate installed on the ASA, so the ASA uses a non-persistent self-signed certificate.
This doc explains how to create a persistent self-signed certificate:
Better still would be to purchase a 'real' certificate from a 3rd party CA, the doc below has more details on how to do this:
I have the same problem, but we bought an cert with go daddy. my problem is the message on ANY Connect. the certificate already are installed, but the message persist on client.
first of all can you please check the second document that I mentioned, and double-check steps 11 and 12, and maybe use the "Verify" section to double-check that everything is configured correctly.
If you still have a problem, please either open a TAC case (if you have a support contract) or post the results of the commands in the "Verify" section here (but please make sure to obscure any sensitive data in the output).
Speaking with other Engineer, tell me that Cisco Any connect keep the last cert, how we change this cert, the client don't recognise the new cert until to install new one.
In ASDM go to Configuration->Advanced->SSL Settings.... Make sure there is a third party signed certificate applied under the interface that is used for your VPN clients to connect to (your outside public interface). I recently changed ISP's and forgot to apply that setting. Some users got the error others did not.