Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SBL - Does it actually work?

Hi All,

We have just started moving over to Client SSL VPN Connections. We have this working really well and all our users are able to connect using the AnyConnect client and we are happy it is setup the way we want it.

We decided we would now go to the next step and start using SBL. Looking at the basics, it seemed a simple enought process.

All our clients are Windows 7 with a few XP machines dotted around. Everything is 32-bit.

We did a bit of research and read a lot of the Cisco documentation and decided to give it a try. We went through thr steps and configured the ASA to enable SBL (vpngina, client profile etc). We then picked a handful of machines to test it on. We connected to the ASA via AnyConnect client and sure enough SBL had been installed.

Now the trouble starts. When you turn the machine on we get the VPN logn prompt but when you select the host, it just says connection to host failed. If we bypass the SBL screen and logon normally, we can still use AnyConnect client perfectly. Looking in the Event Viewer, all we can see of any significance is

CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL

We do not use certificates. Do I assume that SBL cannot function unless you purchase a trusted certificate or is this message a red herring, or is there a workaround?

Many thanks in advance.

2 REPLIES
New Member

Re: SBL - Does it actually work?

The solution to this for anyone that's interested was to create a self-signed certificate on the ASA and then install it into the Laptop's Machine Trusted Roots store.

It would be nice for Cisco to document this. SBL will not work without a trusted certificate although the Cisco VPN Client does. I have not seen this mentioned in any of the Cisco documentation I have read.

New Member

SBL - Does it actually work?

is it really resolved the problem ?

i created asa self-signed certificate and export it,

then install to my client's PC trusted roots store

anyway, SBL still not working

it still show "connection attempt failed"

anyone could help me

thanks

663
Views
0
Helpful
2
Replies
CreatePlease login to create content