We have just started moving over to Client SSL VPN Connections. We have this working really well and all our users are able to connect using the AnyConnect client and we are happy it is set up the way we want it.
We decided we would now go to the next step and start using SBL. Looking at the basics, it seemed a simple enough process.
All our clients are Windows 7 with a few XP machines dotted around. Everything is 32-bit.
We did a bit of research and read a lot of the Cisco documentation and decided to give it a try. We went through the steps and configured the ASA to enable SBL (vpngina, client profile etc). We then picked a handful of machines to test it on. We connected to the ASA via AnyConnect client and sure enough SBL had been installed.
Now the trouble starts. When you turn the machine on we get the VPN logon prompt but when you select the host, it just says connection to host failed. If we bypass the SBL screen and logon normally, we can still use AnyConnect client perfectly. Looking in the Event Viewer, all we can see of any significance is
The solution to this for anyone that's interested was to create a self-signed certificate on the ASA and then install it into the Laptop's Machine Trusted Roots store.
It would be nice for Cisco to document this. SBL will not work without a trusted certificate although the Cisco VPN Client does. I have not seen this mentioned in any of the Cisco documentation I have read.
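The client-side half of the fix described above, as an added example that is not part of the original post: a PowerShell script that checks the exported ASA certificate against a thumbprint recorded out of band before adding it to the machine's Trusted Root store. The file name, thumbprint and host name are placeholders, and only .NET classes are used so that it also runs on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Added example, not from the original thread. Run from an elevated prompt.
param(
    [string]$CertPath           = '.\asa-selfsigned.cer',             # hypothetical export of the ASA certificate
    [string]$ExpectedThumbprint = '<THUMBPRINT-RECORDED-OUT-OF-BAND>', # placeholder
    [string]$VpnHost            = '<host-name-used-in-the-client-profile>' # placeholder
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$full = (Resolve-Path $CertPath).Path
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $full

# Trust only the exact certificate generated on the ASA, not whatever file turned up.
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# A certificate issued by a CA does not belong in Root; its issuing root does.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is not self-signed: $($cert.Issuer)"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)"
}

# The name in the certificate should match the host the client connects to.
$cn = $cert.GetNameInfo([Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
if ($cn -ne $VpnHost) {
    Write-Warning "Certificate name '$cn' does not match '$VpnHost'"
}

# SBL connects before any user has logged on, so the per-user store is not
# available; the certificate has to go into LocalMachine\Root.
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
$store.Open([Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $store.Add($cert)
    $findBy = [Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
    $found  = $store.Certificates.Find($findBy, $want, $false)
    if ($found.Count -eq 0) { throw 'Certificate was not added to LocalMachine\Root' }
    Write-Output "Installed $($cert.Subject) [$($cert.Thumbprint)] in LocalMachine\Root"
} finally {
    $store.Close()
}
```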