Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Anyconnect Error when using SBL

I keep getting this error:

AnyConnect cannot confirm it is connected to your secure gateway. The local network 
may not be trustworthy. Please try another network.

I can log in to windows 7, connect using the any connect client and it works fine.  But I will log out, lauch the any connect client to connect before logging in to windows and I get the error above.  I've read everything I can find and am out of ideas.  I've installed the asa certificate in to the Truested Root store and it that took away the untrusted connection message when connecting from

Guides I've looked at:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect22/administration/guide/22admin4.html#wp1008064

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/admin_swconfig.html#wp1242861

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/user/messages/ac25-vpn-user-msgs.html

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html

https://supportforums.cisco.com/thread/2156081

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_anyconnect.html

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/user/messages/ac30-vpn-user-msgs.html

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac03features.html

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp43187

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac09localpolicy.html

So what am I missing?

Thanks!

7 REPLIES
New Member

Anyconnect Error when using SBL

I am also having this issue with exactly one client on windows xp.  Issue only exists when attempting to sbl.  Client version is 3.1.02040.

New Member

Anyconnect Error when using SBL

I ended up giving up since I don't have a support contract and can't put a ticket in for help.  I ended up turning on the feature to stay logged in when logged out.  So I had the users log in vpn then log out and log back in.  Not ideal but at this point, its my only option.

New Member

Anyconnect Error when using SBL

I opened a TAC case and will update this thread when resolved.

New Member

Anyconnect Error when using SBL

Thanks!  If they need any additional info, just let me know. 

New Member

Anyconnect Error when using SBL

The solution in my case was to install the intermediate certificate on the local machine (computer account) in the trusted root store.

New Member

Anyconnect Error when using SBL

How did you install the intermediate certificate? We're using a self-generated certificate on the ASA for the anyconnect connections.

New Member

Re: Anyconnect Error when using SBL

open mmc.exe via run and then add a computer account certificate snap-in. then you can manage your computer certificates.

after the certificate has been added to your Local Computer Certificate store (note NOT Current User certificate store) you should be fine.

One more thing I noticed is that SBL does not accept IP addresses when connecting to ASA. You must use a domain name. And that domain name must match the subject's CN inside the certificate.

3395
Views
0
Helpful
7
Replies
CreatePlease to create content