VPN certificate error

sahib
Level 1

We have 2 data centers: one is main, the other one is backup.

Users connect through the VPN firewalls at either main or backup; both VPN firewalls' IPs are added to a particular URL which we use to connect to the VPN.

At some sites we are facing the VPN error "untrusted VPN server blocked". When we uncheck the box (block connections to untrusted servers), we are able to connect, but we have to select "Connect Anyway" multiple times. How can we remove this "Connect Anyway" error?

Could you guys help me on this please.

We are using Cisco AnyConnect.

Thanks,

Sahib

2 Replies

Marvin Rhoads
Hall of Fame

Do both ASAs have certificates issued to their FQDN and does either use a SAN (Subject Alternative Name)?

It is generally recommended to use the FQDN in the URL and make sure that it matches the FQDN in the installed certificate. When you do that (and use a trusted issuing CA) you generally shouldn't have certificate trust issues.
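The name check described in the reply above, as an added example that is not part of the original post and is not AnyConnect's own logic: it tests whether each headend's certificate covers the hostname users type into the client, using a simplified RFC 6125 match. The hostnames, site labels and certificate contents are constructed placeholders, and chain trust (the issuing CA) is not checked here.

```python
import ipaddress

def dns_match(pattern: str, host: str) -> bool:
    """Simplified RFC 6125 match: a wildcard may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Wildcard covers exactly one label and needs two or more labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert: dict, target: str) -> bool:
    """cert is a dict shaped like ssl.SSLSocket.getpeercert() output."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP in the URL only matches an "IP Address" SAN, never a DNS name.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if not dns:
        # RFC 6125 permits falling back to the subject CN only when no DNS SAN exists.
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_match(name, target) for name in dns)

# Constructed sample data: hypothetical names, one shared URL, two headends.
VPN_URL_HOST = "vpn.example.com"
ASA_CERTS = {
    "main": {"subject": ((("commonName", "vpn.example.com"),),),
             "subjectAltName": (("DNS", "vpn.example.com"), ("DNS", "asa-main.example.com"))},
    "backup": {"subject": ((("commonName", "asa-backup.example.com"),),),
               "subjectAltName": (("DNS", "asa-backup.example.com"),)},
}

def audit(host: str, certs: dict) -> dict:
    """Return {site: True/False} for whether each headend's cert covers the host."""
    return {site: cert_covers(cert, host) for site, cert in certs.items()}

if __name__ == "__main__":
    for site, ok in audit(VPN_URL_HOST, ASA_CERTS).items():
        print(f"{site}: {'name matches' if ok else 'NAME MISMATCH (untrusted server prompt)'}")
```

In the constructed data only the main headend lists the shared URL's FQDN, so clients that land on the backup would see the name mismatch even if both certificates came from a trusted CA.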

Jan Rolny
Level 3

As Marvin mentioned, it is recommended to have a certificate generated by a trusted CA. But from my experience many people do not do this because it costs some money.

I am not sure, but if you import your root certificate (self-signed) into the Trusted Root store on the machines where you have AnyConnect installed, then the VPN client should trust your certificate and should not warn you that you are connecting to an untrusted site.

HTH,

Jan
