I have a problem with the Anyconnect 3.1.01065.
When I try to connect I get the "The certificate on the secured gateway is invalid. A VPN connection will not be established".
The Certificate is a self signed cert.
Anyconnect 2.5 woks without problems.
ASA image: 8.4(2).
[27.11.2012 15:58:27] Ready to connect.
[27.11.2012 16:01:49] Contacting IP_WAN.
[27.11.2012 16:01:52] Please enter your username and password.
[27.11.2012 16:02:01] User credentials entered.
[27.11.2012 16:02:02] Establishing VPN session...
[27.11.2012 16:02:03] Checking for profile updates...
[27.11.2012 16:02:03] Checking for product updates...
[27.11.2012 16:02:03] Checking for customization updates...
[27.11.2012 16:02:03] Performing any required updates...
[27.11.2012 16:02:08] Establishing VPN session...
[27.11.2012 16:02:08] Establishing VPN - Initiating connection...
[27.11.2012 16:02:09] Disconnect in progress, please wait...
[27.11.2012 16:02:13] Connection attempt has failed.
Has anyone had this issue before?
Thanks a lot.
Please check this out:
CSCua89091 Bug Details
|the local CA needs to support EKU and other necessary attributes|
Currently the local CA server on the ASA doesn't support attributes like the EKU. This enhancement request is to add support for that.Workaround:
configure cert matching on client profile
And the following:
|DOC: Anyconnect supports specific Extended Key Usage attributes in certs|
When using certificates with the anyconnect client if the certificate installed on the ASA doesn't have the EKU attribute set to "server-authentication" then the anyconnect client will reject the ASA's certificate as invalid. Similarly the client's id certificate also needs to be "client-authentication" otherwise the ASA will reject it..Conditions:
Use an id certificate on the ASA that has an EKU other than "server-authentication".
Use an id certificate on the client that has an EKU other than "client-authentication".
So at this point you would need to configure certificate matching or use a previous version of the AnyConnect client.
Please rate any helpful posts