Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AnyConnect connection attempt and certificate error, then it works

Hi,

I am using AnyConnect Client 3.1.04063 connecting to ASA5540 running 9.1 code. Certificates signed by trusted CA (company CA not public CA) are installed on the ASA and the same company root cert exist on the client computer as well - so the user is never prompted to trust a certificate. From the user perspective, its working as when the "Connect" button is clicked, the username/password opens up and on submitting that, the connection is established without any other pop-up being dispalyed. However, the log window on the anyconnect client displays this:

[27/08/2013 1:26:44 PM] Contacting vpn.example.net.

[27/08/2013 1:26:47 PM] Connection attempt has failed.

[27/08/2013 1:26:48 PM] No valid certificates available for authentication.

[27/08/2013 1:26:49 PM] Please enter your username and password.

[27/08/2013 1:26:55 PM] User credentials entered.

[27/08/2013 1:26:57 PM] Establishing VPN session...

[27/08/2013 1:26:57 PM] Checking for profile updates...

[27/08/2013 1:26:57 PM] Checking for product updates...

[27/08/2013 1:26:57 PM] Checking for customization updates...

[27/08/2013 1:26:57 PM] Performing any required updates...

[27/08/2013 1:26:57 PM] Establishing VPN session...

[27/08/2013 1:26:57 PM] Establishing VPN - Initiating connection...

[27/08/2013 1:26:58 PM] Establishing VPN - Examining system...

[27/08/2013 1:26:58 PM] Establishing VPN - Activating VPN adapter...

[27/08/2013 1:26:59 PM] Establishing VPN - Configuring system...

[27/08/2013 1:26:59 PM] Establishing VPN...

[27/08/2013 1:26:59 PM] Connected to vpn.example.net.

Why is the connection attempt failing initially and also complaining about Valid Certs and then all by itself it connects successfully ?

Regards,

Rick.

1 REPLY
New Member

AnyConnect connection attempt and certificate error, then it wor

Solved. Removed this extra command and those two annyoning messages are not logged anymore. We don't intened to use client based certificates to authenticate remote users.

# no ssl certificate-authentication interface Internet port 443

Cheers,

Rick.

1522
Views
0
Helpful
1
Replies
CreatePlease to create content