Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Anyconnect 3.0 , SBL and Certificate

Hi,

I'm loosing my hope to find a way to configure SBL on Windows XP 32bit, I didnt tried on 7. When I start the pc, the screen of anyconnect apears and give a error that couldnt find the certificate. When I logon on Windows, anyconnect connects normally. On IE, I can enter on ASA 5540 Anyconnect Web Deployment with my certificate.

A part of XML:

<UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>

<AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>

<ShowPreConnectMessage>false</ShowPreConnectMessage>

<CertificateStore>All</CertificateStore>

<CertificateStoreOverride>true</CertificateStoreOverride>

<AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>

<MinimizeOnConnect UserControllable="false">true</MinimizeOnConnect>

<LocalLanAccess UserControllable="false">true</LocalLanAccess>

<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>

<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>

<AlwaysOn>true

<ConnectFailurePolicy>Open

<AllowCaptivePortalRemediation>false

<CaptivePortalRemediationTimeout>5</CaptivePortalRemediationTimeout>

</AllowCaptivePortalRemediation>

<ApplyLastVPNLocalResourceRules>false</ApplyLastVPNLocalResourceRules>

</ConnectFailurePolicy>

<AllowVPNDisconnect>true</AllowVPNDisconnect>

</AlwaysOn>

The certificate was generate by Windows Server, and is stored on User Store.

Thanks for efforts.

  • VPN
4 REPLIES

Anyconnect 3.0 , SBL and Certificate

I forgot to say, I'm with the lastest version os ASA 5540 8.4(4) and Anyconnect 3.0.08057.

New Member

Anyconnect 3.0 , SBL and Certificate

Did SBL ever work in your environment? 

New Member

Re: Anyconnect 3.0 , SBL and Certificate

Hi,

you have to install the certificate into the local machine certificate store otherwise AC isn't able to use it before the User has logged in.

In our Environment SBL works well with Windows XP/ 7 and cert auth!

Sent from Cisco Technical Support iPhone App

New Member

Anyconnect 3.0 , SBL and Certificate

Hi,

don't copy & paste the certificate.

import the certifcate into the local machine certificate store.

http://support.microsoft.com/kb/939616/en-us

1454
Views
0
Helpful
4
Replies