Cisco Support Community
New Member

Changing the AnyConnect host connection

Hello,

We have many users using the Cisco AnyConnect client and to get to our company they go to vpn.company.co.uk. We are changing our company name so we are creating a new FQDN called, for example, vpn.newcompany.co.uk, which will point to our ASA.

1.) Thing is, will we need a new SSL cert on the ASA?

2.) If so can the new cert incorporate both FQDNs?

3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?

Thanks

2 REPLIES
VIP Green

Changing the AnyConnect host connection

1.) Thing is, will we need a new SSL cert on the ASA?

Yes, you will need a new SSL certificate which includes the new domain name.

2.) If so can the new cert incorporate both FQDNs?

Yes, if you purchase a wildcard certificate I believe you can have 5 domain names referenced in it.

3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?

If you purchase the certificate from a well-known provider, chances are that your clients will already have the public key installed on their PC. If not, the user should be prompted to accept and install the certificate upon first connection.

--
Please remember to rate and select a correct answer

VIP Purple

Changing the AnyConnect host connection

2.) If so can the new cert incorporate both FQDNs?

Yes, if you purchase a wildcard certificate I believe you can have 5 domain names referenced in it.

You are mixing two kinds of certificates here:

Wildcard certificates don't have the "host" part. If you have a wildcard certificate *.example.com then you can use anything.example.com.

The other kind is UCC, where you can have multiple FQDNs listed. It's the CA policy that tells you how many names can be included there. For one project I have had a certificate with about 30 names in it.

3.) How can I automatically change the host users connect to in the Anyconnect clients to reflect the new FQDN?

You could deploy AnyConnect profiles with both the old and the new name listed. Once all users have got the profile, the old name can be removed:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html#wp1448620

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
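
Added example, not part of the original thread or Cisco's own code: a pre-rollout check that every server address in an AnyConnect profile is covered by the subject alternative names of a candidate certificate, using the one-label wildcard rule described in the reply above. The profile fragment, the SAN lists and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed profile fragment listing both names for the migration period.
PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>VPN (old name)</HostName>
      <HostAddress>vpn.company.co.uk</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>VPN (new name)</HostName>
      <HostAddress>vpn.newcompany.co.uk</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def san_matches(pattern, host):
    """Return True if a certificate dNSName covers host.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so *.example.com covers a.example.com but neither
    a.b.example.com nor a name in a different domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def profile_hosts(profile_xml):
    """Collect every HostAddress value, ignoring the XML namespace."""
    root = ET.fromstring(profile_xml)
    return [el.text.strip() for el in root.iter()
            if el.tag.split("}")[-1] == "HostAddress" and el.text]


def uncovered(profile_xml, sans):
    """Hosts in the profile that no SAN entry of the certificate covers."""
    return [h for h in profile_hosts(profile_xml)
            if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    print(uncovered(PROFILE, ["*.company.co.uk"]))  # wildcard on the old domain
    print(uncovered(PROFILE, ["vpn.company.co.uk", "vpn.newcompany.co.uk"]))
```

An empty result means users connecting through either profile entry will see a name that the certificate covers; any host returned would fail name validation while that entry is still in the profile.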

