Solved: Remote Access VPN without a certificate

Thang Le · ‎02-11-2014

Hi all,

I'd like to deploy Remote access VPN for ASA 5512 using Cisco anyconnect secure mobility client version 3.1.05152. However it requires a valid certificate from a trusted CA such as verisign, entrust...

Is there anyway I can use the self-sign certificate? Thank you for helping me!

Jan Rolny · ‎02-11-2014

Hi Harry,

i think it would be still possible to configure VPN just with simple AAA authentication.

From my opinion you have just configured your client to check trustworthy of certificate installed on your ASA.

Please uncheck option like on sccreenshot:

Thanks,

Jan

View solution in original post

Jan Rolny · ‎02-11-2014

Hi Harry,

i think it would be still possible to configure VPN just with simple AAA authentication.

From my opinion you have just configured your client to check trustworthy of certificate installed on your ASA.

Please uncheck option like on sccreenshot:

Thanks,

Jan

Thang Le · ‎02-20-2014

Hi Jan,

I've tried but unsuccessfully

Could you please advise which AnyConnect version you're using?

Thank you!

Jan Rolny · ‎02-20-2014

Hi Harry,

my version is 3.1.04059 but i don't think it version problem now.

What do you see in log on ASA? Also what logs are telling you in Anyconnect client.

Do you have certificate installed/generated on ASA?

Best regards,

Jan

Thang Le · ‎02-20-2014

Hi Jan,

I use self-signed certificate. Can you please advise, thank you

Jan Rolny · ‎02-20-2014

My last suggestion is to check Anyconnect local policy file AnyConnectLocalPolicy.xml.

Please check this in xml: false

Also please read this document:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/anyconnectadmin25/ac04localpolicy.html#wp1055371

Best regards,

Jan

Thang Le · ‎02-23-2014

Hi Jan,

Problem soved, it's certificate issue. Re-create and all good. Thank you so much for your help!