I have a problem with the Anyconnect 3.1.01065.
When I try to connect I get the "The certificate on the secured gateway is invalid. A VPN connection will not be established".
The Certificate is a self signed cert.
Anyconnect 2.5 woks without problems.
ASA image: 8.4(2).
[27.11.2012 15:58:27] Ready to connect.
[27.11.2012 16:01:49] Contacting IP_WAN.
[27.11.2012 16:01:52] Please enter your username and password.
[27.11.2012 16:02:01] User credentials entered.
[27.11.2012 16:02:02] Establishing VPN session...
[27.11.2012 16:02:03] Checking for profile updates...
[27.11.2012 16:02:03] Checking for product updates...
[27.11.2012 16:02:03] Checking for customization updates...
[27.11.2012 16:02:03] Performing any required updates...
[27.11.2012 16:02:08] Establishing VPN session...
[27.11.2012 16:02:08] Establishing VPN - Initiating connection...
[27.11.2012 16:02:09] Disconnect in progress, please wait...
[27.11.2012 16:02:13] Connection attempt has failed.
Has anyone had this issue before?
Thanks a lot.
Please check this out:
CSCua89091 Bug Details
|the local CA needs to support EKU and other necessary attributes|
Currently the local CA server on the ASA doesn't support attributes like the EKU. This enhancement request is to add support for that.
configure cert matching on client profile
And the following:
|DOC: Anyconnect supports specific Extended Key Usage attributes in certs|
When using certificates with the anyconnect client if the certificate installed on the ASA doesn't have the EKU attribute set to "server-authentication" then the anyconnect client will reject the ASA's certificate as invalid. Similarly the client's id certificate also needs to be "client-authentication" otherwise the ASA will reject it..
Use an id certificate on the ASA that has an EKU other than "server-authentication".
Use an id certificate on the client that has an EKU other than "client-authentication".
So at this point you would need to configure certificate matching or use a previous version of the AnyConnect client.
Please rate any helpful posts