Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual page 23

Administration guide

Chapter 2
Common AnyConnect VPN Client Installation and Configuration Procedures
3. The user connects successfully to security appliance #1.
4. The user disconnects from security appliance #1.
5. The user reconnects to badly configured security appliance #1.
6. The user does not see the pop-up dialog box, because the certificate is stored in the preferences file.
7. The user connects successfully to security appliance #1. The user disconnects from security appliance #1.
8. The user connects to correctly configured security appliance #2.
9. The user sees no dialog box and connects successfully.
10. The user disconnects from security appliance #2.
11. The user connects to badly configured security appliance #1.
12. The user sees a pop-up Security Alert dialog box prompt.

Example Set 2
The following are examples of non-serious errors that result in a Security Alert dialog box prompting the user.

• Invalid Common Name: The hostname in the certificate sent by the security appliance does not match the hostname that the user connected to. For example, the user connects to 10.94.147.93, and the certificate received from the security appliance contains cvc-asa06.cisco.com. 10.94.147.93 and cvc-asa06.cisco.com might or might not be the same machine. The Security Alert dialog box prompts the user to approve or disapprove the certificate.

• Invalid Date: The certificate received from the security appliance has expired or is not yet valid. This could be because the date on the customer's machine is incorrect or because the certificate really is invalid. The Security Alert dialog box prompts the user to approve or disapprove the certificate.

• Invalid Certificate Authority: The certificate received from the security appliance has been signed by a Certificate Authority that is not recognized by the AnyConnect client. The AnyConnect client prompts the user for approval/disapproval. Recommendation: The root certificate (certificate of the Certificate Authority) should be imported into the client machine out of band (via E-mail, website, floppy disk, CD, and so on).

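The following Python example is an addition to this page, not part of the Cisco guide and not AnyConnect code. It lets an administrator predict which of the first two Example Set 2 alerts a given connection would raise, working from a certificate in the dictionary shape returned by `ssl.SSLSocket.getpeercert()`. The function names, the sample certificate dates, and the choice to check subjectAltName entries before the subject commonName are assumptions of this example; the Certificate Authority check is left out because it requires verifying the certificate chain.

```python
import ipaddress
import ssl

def cert_names(cert):
    """Names the certificate claims: subjectAltName entries, else subject commonName."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(target, name):
    """IP addresses compare exactly; DNS names ignore case, one leading '*.' allowed."""
    try:
        return ipaddress.ip_address(target) == ipaddress.ip_address(name)
    except ValueError:
        pass  # at least one side is not an IP literal: compare as DNS names
    t, n = target.lower().rstrip("."), name.lower().rstrip(".")
    if n.startswith("*."):
        return "." in t and t.split(".", 1)[1] == n[2:]
    return t == n

def valid_at(cert, when):
    """True if `when` (epoch seconds) lies inside notBefore..notAfter."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= when <= end

def security_alert_reasons(cert, connected_to, client_now, true_now=None):
    """Non-serious errors from Example Set 2 that apply to this connection."""
    reasons = []
    if not any(name_matches(connected_to, n) for n in cert_names(cert)):
        reasons.append("Invalid Common Name")
    if not valid_at(cert, client_now):
        # Separate a wrong client clock from a certificate that really is invalid.
        if true_now is not None and valid_at(cert, true_now):
            reasons.append("Invalid Date (client clock is wrong)")
        else:
            reasons.append("Invalid Date (certificate expired or not yet valid)")
    return reasons

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the hostname is the one used on this page, the dates are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "cvc-asa06.cisco.com"),),),
    "notBefore": "Jan 15 00:00:00 2008 GMT",
    "notAfter": "Jan 15 00:00:00 2009 GMT",
}
IN_RANGE = ssl.cert_time_to_seconds("Jun 15 00:00:00 2008 GMT")
TOO_LATE = ssl.cert_time_to_seconds("Jun 15 00:00:00 2010 GMT")
```

Calling `security_alert_reasons(SAMPLE_CERT, "10.94.147.93", IN_RANGE)` reproduces the page's Invalid Common Name case: the user connected by IP address while the certificate names cvc-asa06.cisco.com.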
Example Set 3
The following are examples of serious errors that result in no Security Alert prompt and no connection.

• Certificate cannot be read.
• Bad password.
• Certificate not sent to the client.
• Bad Usage: Certificate received from the security appliance was not meant to be used as a server certificate.

Scenarios Where a User Might See the Security Alert
Scenario A: The user gets the server certificate for their security appliance from a non-trusted certificate authority; for example, their own certificate authority or cacert.org.

The user sees the Security Alert pop-up on the first connection attempt but never thereafter until he or she switches to a different security appliance and back.

OL-12950-012
Before You Install the AnyConnect Client
Cisco AnyConnect VPN Client Administrator Guide
2-5