I have an issue with AnyConnect 3.0.5080 and ASA image 8.4(3) with AnyConnectLocalPolicy.xml in use. The problem appears while authenticating users based on the client certificate + LDAP and using AnyConnectLocalPolicy.xml with ExcludeFirefoxNSSCertStore set to true.
There are two consecutive messages that say: "AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again." and then "The certificate on the secure gateway is invalid. A VPN connection will not be established."
Of course I put the CA and client certs in /opt/.cisco/certificates/... The ASA's identity certificate is not self-signed and is 100% valid. I'm using a Linux machine (Ubuntu 11.10).
As soon as I change the ExcludeFirefoxNSSCertStore value from true to false, everything works perfectly and AnyConnect uses the client PEM files located in /opt/.cisco/...
Any ideas? My goal is to make the client VPN configuration Firefox-independent.