AnyConnect 3.1.01065

Unanswered Question
Dec 10th, 2012

Hi Guys.

Just upgraded to the newest version of AnyConnect... ASA running 8.4(4) 1

I only have this security warning:

Does anyone know how to get rid of it? I have installed the cert on the client and have no warning when entering the HTTPS site for connecting / downloading the AnyConnect client.

If I accept, I will be logged on to AnyConnect, and this will show up every time I connect.

Please support.

pkupisie Mon, 12/10/2012 - 06:47

Hi Filip,

You need the certificate that is used by the HTTP Server (SSLVPN) to have an Extended Key Usage (EKU) value of 'Server Authentication'.

You can use the Cisco CA on IOS for this, and have been able to for some time already.

Example PKI Server configuration:

crypto pki server CA
 grant auto
 hash sha1
 eku server-auth client-auth

Trustpoint:

crypto pki trustpoint CA-self
 enrollment url http://10.1.1.2:80
 fqdn 10.1.1.2
 ip-address 10.1.1.2
 subject-name cn=10.1.1.2,ou=TAC
 revocation-check none
 eku request server-auth

I hope it helps. Cheers.
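
An added example (not from the thread or from Cisco): a standard-library Python check of whether a DER-encoded certificate carries the Server Authentication EKU that the reply above asks for. The sample bytes are constructed stand-ins for a certificate's extension nesting, and all function names are hypothetical.

```python
# Added example. A PEM certificate must be converted to DER first,
# e.g. with ssl.PEM_cert_to_DER_cert(pem_text) from the standard library.
EKU_EXT_OID = bytes.fromhex("551d25")            # 2.5.29.37 extendedKeyUsage
SERVER_AUTH = bytes.fromhex("2b06010505070301")  # 1.3.6.1.5.5.7.3.1
CLIENT_AUTH = bytes.fromhex("2b06010505070302")  # 1.3.6.1.5.5.7.3.2
NAMES = {SERVER_AUTH: "server-auth", CLIENT_AUTH: "client-auth"}

def tlvs(buf):
    """Yield (tag, value) for each DER element at one nesting level."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def eku_purposes(der):
    """Return the EKU purposes found in DER data, or None if there is no EKU."""
    for tag, val in tlvs(der):
        if tag not in (0x30, 0x31, 0xA0, 0xA3):  # SEQUENCE, SET, [0], [3]
            continue
        items = list(tlvs(val))
        if tag == 0x30 and items and items[0] == (0x06, EKU_EXT_OID):
            (_, seq), = tlvs(items[-1][1])       # extnValue wraps a SEQUENCE
            return [NAMES.get(v, v.hex()) for t, v in tlvs(seq) if t == 0x06]
        found = eku_purposes(val)
        if found is not None:
            return found
    return None

def has_server_auth(der):
    """True only if an EKU extension is present and lists Server Authentication."""
    return "server-auth" in (eku_purposes(der) or [])

def enc(tag, val):
    """Minimal DER encoder (short-form lengths) for the constructed samples."""
    return bytes([tag, len(val)]) + val

def sample(*purposes):
    """Constructed sample: an EKU extension nested as in a certificate's [3] field."""
    eku = enc(0x30, b"".join(enc(0x06, p) for p in purposes))
    ext = enc(0x30, enc(0x06, EKU_EXT_OID) + enc(0x04, eku))
    return enc(0x30, enc(0xA3, enc(0x30, ext)))

if __name__ == "__main__":
    print(eku_purposes(sample(SERVER_AUTH, CLIENT_AUTH)))
    print(has_server_auth(sample(CLIENT_AUTH)))
```
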

Filip.Olsen Tue, 12/11/2012 - 00:15

Hi Piotr.

Yes, I did read about this EKU change in the cert, but I'm not able to use these commands in ASA IOS?

Filip.Olsen Wed, 12/12/2012 - 12:53

>You can use the Cisco CA on IOS for this, and have been able to for some time already<

Which IOS version is that? I'm trying with 15.1.4 on a 2801... still not able to use the EKU command.

pkupisie Sat, 12/15/2012 - 23:44

Hi,

Please refer to the bug CSCtl97326, which was a feature request for EKU in the PKI Server:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtl97326

Based on this information it is added in:

15.1(1)SY

15.2(0.7.3)PIB17

15.2(0.0.10)PIL17

15.2(0.3.1)PIH16

15.2(1.5)T

15.2(1.5)S

15.1(1.4)DPB22

15.2(1.0.0)IPI2

In the case of 15.1.4, I cannot check it without a trendline (T/S/M).

Posted December 10, 2012 at 6:36 AM