
Cisco 1841 SSL VPN/Anyconnect Help

skapple asked on
I'm pretty new to Cisco programming and am trying to get an SSL VPN set up for remote access using Anyconnect version 3.1.04509. If I try to connect via a web browser, I get an error telling me the security certificate is not secure. If I try to connect via Anyconnect, I get an error saying "Untrusted VPN Server Blocked." If I change the Anyconnect settings to allow connections to untrusted servers, I get two errors that say "Certificate does not match the server name" and "Certificate is malformed." Below is the running config in the router at this time. There is another Site-to-Site VPN tunnel that is up and working properly on this device. Any help would be greatly appreciated. Thanks.

Current configuration : 7741 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname buchanan1841
logging message-counter syslog
no logging buffered
enable secret 5 XXXXXXX
enable password XXXX
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
crypto pki trustpoint buchanan_Certificate
 enrollment selfsigned
 revocation-check crl
 rsakeypair buchanan_rsakey_pairname
crypto pki certificate chain buchanan_Certificate
 certificate self-signed 01
  30820197 30820141 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  1D311B30 1906092A 864886F7 0D010902 160C6275 6368616E 616E3138 3431301E
  170D3133 30373038 32323330 33335A17 0D323030 31303130 30303030 305A301D
  311B3019 06092A86 4886F70D 01090216 0C627563 68616E61 6E313834 31305C30
  0D06092A 864886F7 0D010101 0500034B 00304802 4100C76B D94BABC2 6D7FB1F1
  AF9AA76F E631B841 7CFEA806 1F52420B 9C83D754 D58393B1 EC02FCA8 BFBE82D6
  79645A32 4ECEDB43 8AEB1590 9CCC309E 17E70061 86150203 010001A3 6C306A30
  0F060355 1D130101 FF040530 030101FF 30170603 551D1104 10300E82 0C627563
  68616E61 6E313834 31301F06 03551D23 04183016 8014AF2E 3FCF66AF C8A43F5F
  97DFABA9 C74371FD 127A301D 0603551D 0E041604 14AF2E3F CF66AFC8 A43F5F97
  DFABA9C7 4371FD12 7A300D06 092A8648 86F70D01 01040500 034100C1 47D2E8B0
  4AC15F69 E8CBE141 E8EE96C5 7BF1EE51 102278B8 ED525185 9F112FA6 0D51F7A6
  3382DB09 8692EEE7 200471B3 BF12FBD0 223EB549 4A352049 513F4B
dot11 syslog
ip source-route
ip cef
no ipv6 cef
multilink bundle-name authenticated
username buchanan privilege 15 password 0 XXXXX
username cybera password 0 cybera
username skapple privilege 15 secret 5 XXXXXXXXXX
username buckys secret 5 XXXXXXXXXXX
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key p2uprEswaspus address XXXXXX
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set cybera esp-3des esp-md5-hmac
crypto ipsec profile cybera
 set transform-set cybera
 log config
ip ssh version 1
interface Tunnel0
 description Cybera WAN - IPSEC Tunnel
 ip address x.x.x.x
 ip virtual-reassembly
 tunnel source x.x.x.x
 tunnel destination x.x.x.x
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile cybera
interface FastEthernet0/0
 description LAN Connection
 ip address
 ip helper-address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
interface FastEthernet0/1
 description WAN Connection
 ip address x.x.x.x
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface ATM0/0/0
 no ip address
 atm restart timer 300
 no atm ilmi-keepalive
interface Virtual-Template2
 ip unnumbered FastEthernet0/0
ip local pool SDM_POOL_1
ip local pool LAN_POOL
ip forward-protocol nd
ip route x.x.x.x
ip route x.x.x.x
ip route x.x.x.x
ip route x.x.x.x
ip route x.x.x.x x.x.x.x
ip route x.x.x.x x.x.x.x
ip route x.x.x.x x.x.x.x
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 22 x.x.x.x 22 extendable
ip nat inside source static tcp 23 x.x.x.x 23 extendable
access-list 1 permit

line con 0
line aux 0
line vty 0 4
 password xxxxx
 transport input telnet ssh
scheduler allocate 20000 1000
webvpn gateway gateway_1
 ip address x.x.x.x port 443
 http-redirect port 80
 ssl trustpoint buchanan_Certificate
webvpn install svc flash:/webvpn/anyconnect-win-3.1.04059-k9.pkg sequence 1
webvpn context employees
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 policy group policy_1
   functions svc-enabled
   svc address-pool "LAN_POOL"
   svc default-domain "buchanan.local"
   svc keep-client-installed
   svc dns-server primary
   svc wins-server primary
 virtual-template 2
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_2
 gateway gateway_1
 max-users 10
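
The self-signed certificate in the config above can be decoded offline to see the fields a client validates (name, signature algorithm, key size, validity). This is an added example, not part of the original question or its answer; it reuses the hex from the `certificate self-signed 01` block, and the helper names `tlv`, `children` and `summarize` are illustrative.

```python
# Hex copied verbatim from the "certificate self-signed 01" block of the posted config.
IOS_CERT_HEX = """
  30820197 30820141 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  1D311B30 1906092A 864886F7 0D010902 160C6275 6368616E 616E3138 3431301E
  170D3133 30373038 32323330 33335A17 0D323030 31303130 30303030 305A301D
  311B3019 06092A86 4886F70D 01090216 0C627563 68616E61 6E313834 31305C30
  0D06092A 864886F7 0D010101 0500034B 00304802 4100C76B D94BABC2 6D7FB1F1
  AF9AA76F E631B841 7CFEA806 1F52420B 9C83D754 D58393B1 EC02FCA8 BFBE82D6
  79645A32 4ECEDB43 8AEB1590 9CCC309E 17E70061 86150203 010001A3 6C306A30
  0F060355 1D130101 FF040530 030101FF 30170603 551D1104 10300E82 0C627563
  68616E61 6E313834 31301F06 03551D23 04183016 8014AF2E 3FCF66AF C8A43F5F
  97DFABA9 C74371FD 127A301D 0603551D 0E041604 14AF2E3F CF66AFC8 A43F5F97
  DFABA9C7 4371FD12 7A300D06 092A8648 86F70D01 01040500 034100C1 47D2E8B0
  4AC15F69 E8CBE141 E8EE96C5 7BF1EE51 102278B8 ED525185 9F112FA6 0D51F7A6
  3382DB09 8692EEE7 200471B3 BF12FBD0 223EB549 4A352049 513F4B
"""
SIG_OIDS = {"2a864886f70d010104": "md5WithRSAEncryption", "2a864886f70d01010b": "sha256WithRSAEncryption"}

def tlv(buf, pos):
    """Read one DER element at pos: return (tag, value, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def summarize(hex_dump):
    # tbsCertificate fields: version, serial, sigAlg, issuer, validity, subject, SPKI, extensions
    der = bytes.fromhex("".join(hex_dump.split()))
    tbs = children(children(children(der)[0][1])[0][1])
    sig_oid = children(tbs[2][1])[0][1].hex()
    not_after = children(tbs[4][1])[1][1].decode()  # UTCTime, YYMMDDHHMMSSZ
    subject = children(children(children(tbs[5][1])[0][1])[0][1])[1][1].decode()
    # SPKI -> BIT STRING (skip its unused-bits byte) -> RSAPublicKey -> modulus
    modulus = children(children(children(tbs[6][1])[1][1][1:])[0][1])[0][1]
    san = [v.decode() for _, ext in children(children(tbs[7][1])[0][1])
           if children(ext)[0][1].hex() == "551d11"  # subjectAltName extension
           for t, v in children(children(children(ext)[-1][1])[0][1]) if t == 0x82]  # dNSName
    return {"subject": subject, "san_dns": san, "not_after": not_after,
            "signature": SIG_OIDS.get(sig_oid, sig_oid),
            "rsa_bits": int.from_bytes(modulus, "big").bit_length()}

print(summarize(IOS_CERT_HEX))
```

For this certificate the summary shows subject and SAN `buchanan1841`, an `md5WithRSAEncryption` signature, a 512-bit RSA key and a notAfter of `200101000000Z`. A client validating the server name compares that bare hostname against whatever address or FQDN was entered in Anyconnect.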

