After many hours of troubleshooting why our Mac OS machines complain about an untrusted server, while our Windows machines do not, it was determined that AnyConnect uses an obsolete method of validating certificates against the X509Anchors file. This is a problem since Apple states that "X509Anchors, is no longer used by Mac OS X as the system root certificate store" (from a warning issued whenever attempting to modify this file).
As more CAs are added to Mac OS machines, new root certificate authorities are not being added to X509Anchors. This is going to be more and more of an issue as time goes on and more root certificate authorities are created/updated. In our case, the "VeriSign Class 3 Public Primary Certification Authority G5" is trusted by the system, but is not in X509Anchors so AnyConnect is continuing to give our associates an error.
Can AnyConnect please be updated to not use this obsolete method and to instead use the "new" security framework? This was introduced back in Mac OS X 10.3.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...