AnyConnect Security Issues

Unanswered Question
May 6th, 2010

Hello Fellows,

This is my first post and I hope you guys will not disappoint me.

Issue: I have recently deployed Cisco AnyConnect. Everything was working fine until I realised that I am only able to establish a VPN connection through Cisco AnyConnect when I have admin privileges (local / domain). In order for a normal user to establish a connection I need to first give the user local admin rights, establish a connection, restart the computer and then remove the user's local admin privileges, and from there on the user can establish the connection without any issue.

  • ASA version: 8.0(3)
  • Cisco AnyConnect version: 2.4
  • ASDM version: 6.0(3)
  • OS: XP Prof
  • Machine certificates are being used for authentication.

Thanks for your help in advance.

jan.nielsen Thu, 05/06/2010 - 14:42

When you say you can only "establish" a connection when you are local admin, are you talking about the client not starting, or not being able to authenticate with the ASA?

There was a bug in AnyConnect where it could not access the machine certificate when the user wasn't local admin, but it was fixed in a new 2.4 release. Did you specify using machine store in your AnyConnect profile.xml file?

ahteshamsoofi Fri, 05/07/2010 - 08:14

Following is the process:

1. The error message I am getting is: Unable to process the response from "IP ADDRESS"

2. Then I get the certificate pop-up where it says

       "The page requires a secure connection which includes server authentication......"

   Then the usual options: yes, no, cancel and view.

3. If I click on yes it says

   The Cisco AnyConnect box right at the bottom says "your client certificate will be used to authenticate"

4. And when I hit the Connect button on the same screen (box) it just stays there.

