Cisco Support Community

New Member

VPN certificate error

We have 2 data centers: one is main, the other one is backup.

Users connect through VPN firewalls at either the main or the backup site; both VPN firewalls' IPs are added to a particular URL which we use to connect to the VPN.

At some sites we are facing the VPN error "Untrusted VPN Server Blocked". When we unchecked the box (block connections to untrusted servers), we were able to connect, but we have to select "Connect Anyway" multiple times. How can we remove this "Connect Anyway" error?

Could you guys help me on this please.

We are using Cisco AnyConnect.

Thanks,

Sahib

2 REPLIES
Hall of Fame Super Silver

Do both ASAs have certificates issued to their FQDN and does either use a SAN (Subject Alternative Name)?

It is generally recommended to use the FQDN in the URL and make sure that matches the FQDN in the installed certificate. When you do that (and use a trusted issuing CA) you generally shouldn't have certificate trust issues.
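One way to audit the name-matching point in the reply above across both gateways, as an added example that is not part of the thread or of any Cisco tool. The certificate fields are constructed sample data in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames, the IP address and the fallback to the subject CN when no DNS SAN is present are assumptions of this sketch.

```python
import ipaddress

# Constructed sample data (placeholder names), shaped like getpeercert() output.
ASA_CERTS = {
    "main-asa": {
        "subject": ((("commonName", "vpn.example.com"),),),
        "subjectAltName": (("DNS", "vpn.example.com"),
                           ("DNS", "vpn-main.example.com")),
    },
    "backup-asa": {
        "subject": ((("commonName", "vpn-backup.example.com"),),),
        "subjectAltName": (("DNS", "vpn-backup.example.com"),),
    },
}


def _dns_match(pattern, host):
    """Match one DNS name; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h


def cert_covers(cert, target):
    """True if the name or IP that users connect to appears in the certificate."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # Connecting by IP only matches an "IP Address" SAN, never a DNS name.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:
        # Assumption of this sketch: fall back to the subject CN if no DNS SAN.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, target) for n in names)


def audit(certs, target):
    """Return the gateways whose certificate does not cover the target."""
    return sorted(n for n, c in certs.items() if not cert_covers(c, target))


if __name__ == "__main__":
    for target in ("vpn.example.com", "192.0.2.10"):
        print(target, "-> not covered by:", audit(ASA_CERTS, target) or "none")
```

With the sample data, the shared name is covered only by the main gateway's certificate, and a connection made by IP address is covered by neither.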

Bronze

As Marvin mentioned, it is recommended to have a certificate generated by a trusted CA. But in my experience many people do not do this because it costs some money.

I am not sure, but if you import your root certificate (self-signed) into the Trusted Root store on the machines where you have AnyConnect installed, then the VPN client should trust your certificate and should not warn you that you are connecting to an untrusted site.

HTH,

Jan
