We have 2 data centers: one is main, the other one is backup.
Users connect through VPN firewalls either from main or backup; both VPN firewalls' IPs are added in a particular URL which we use to connect to the VPN.
At some sites we are facing the VPN error "untrusted VPN server blocked". When we unchecked the box (block connections to untrusted servers), we are able to connect, but we have to select "Connect Anyway" multiple times. How can we remove this "Connect Anyway" error?
Do both ASAs have certificates issued to their FQDN and does either use a SAN (Subject Alternative Name)?
It is generally recommended to use the FQDN in the URL and make sure that matches the FQDN in the installed certificate. When you do that (and use a trusted issuing CA) you generally shouldn't have certificate trust issues.
As Marvin mentioned, it is recommended to have a certificate generated from a trusted CA. But from my experience many people do not do this because it costs some money.
I am not sure, but if you import your root certificate (self-signed) to the Trusted Root store on machines where you have AnyConnect installed, then the VPN client should trust your certificate and should not warn you that you are connecting to an untrusted site.
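
The FQDN-versus-certificate check suggested in the replies above, as an added example that is not part of the original thread: it tests whether the certificate on each headend covers the single FQDN users type into the client. The hostnames, the `main-asa`/`backup-asa` labels and the certificate contents are constructed placeholders, and the matching follows RFC 6125-style rules, which is an assumption about how the client compares names.

```python
# Added example: does each VPN headend's certificate cover the shared VPN FQDN?
# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert().
# All names below are constructed placeholders, not values from the thread.

def _name_match(pattern, host):
    """Match one DNS name; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names to compare: SAN dNSName entries, falling back to the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # assumption (RFC 6125): CN is ignored when SAN DNS exists
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def covers(cert, fqdn):
    """True if any name in the certificate matches the FQDN in the VPN URL."""
    return any(_name_match(n, fqdn) for n in cert_names(cert))

def audit(vpn_fqdn, certs):
    """Map each headend label to whether its certificate covers vpn_fqdn."""
    return {label: covers(c, vpn_fqdn) for label, c in certs.items()}

VPN_FQDN = "vpn.example.com"  # the one name users connect to (placeholder)
CERTS = {
    # Main headend: its own name plus the shared VPN name in the SAN.
    "main-asa": {"subject": ((("commonName", "asa-main.example.com"),),),
                 "subjectAltName": (("DNS", "asa-main.example.com"),
                                    ("DNS", "vpn.example.com"))},
    # Backup headend: only its own name, so clients landing here get a warning.
    "backup-asa": {"subject": ((("commonName", "asa-backup.example.com"),),),
                   "subjectAltName": (("DNS", "asa-backup.example.com"),)},
}

if __name__ == "__main__":
    for label, ok in audit(VPN_FQDN, CERTS).items():
        print(f"{label}: {'covers' if ok else 'does NOT cover'} {VPN_FQDN}")
```

A name mismatch on only one headend would produce the warning only for users who resolve to that headend, which fits a problem seen at some sites and not others.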