Cisco AnyConnect: could not connect to server after previous config reload


As stated in the third comment above, the solution was to recreate the full certificate chain:

  • Import the RSA key pair
  • Recreate the trustpoint for this RSA key pair
  • Import CA root and intermediate certificates and recreate the corresponding trustpoints
  • Import the final SSL certificate

Not sure that the first step (normally impossible if the RSA key pair has not been previously exported or is not exportable) was really necessary. But it works.

Best regards,

Guy
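The chain the answer rebuilds can be sanity-checked offline before anything is pushed to the router. The script below is an added example, not from the original thread and not Cisco's code: it builds a throwaway root CA, intermediate CA and gateway certificate with openssl (every CN, file name and the PKCS#12 password is invented), confirms that the gateway's private key actually belongs to the gateway certificate and that the three certificates validate as a chain, and packs them into a PKCS#12 file, the one artifact IOS can take in a single import. It assumes OpenSSL 1.1.1 or newer and a POSIX sh.

```shell
#!/bin/sh
# Added example, not from the original thread or from Cisco: rebuild and sanity-check
# an SSL VPN certificate chain offline with openssl before pushing it to a router.
# Every name below (CN values, file names, the PKCS#12 password) is invented for the demo.
set -eu

# Create a private key and a CSR: $1 = output basename, $2 = subject CN.
new_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build a throwaway root CA, intermediate CA and gateway certificate under $1.
make_demo_chain() {
  dir="$1"
  mkdir -p "$dir"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:vpn.example.test\n' > "$dir/leaf.ext"

  # Root: self-signed with its own key.
  new_key_and_csr "$dir/root" "Demo Root CA"
  openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 30 -sha256 \
    -extfile "$dir/ca.ext" -out "$dir/root.crt" 2>/dev/null

  # Intermediate: signed by the root and marked as a CA, otherwise verify rejects it.
  new_key_and_csr "$dir/int" "Demo Intermediate CA"
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/ca.ext" -out "$dir/int.crt" 2>/dev/null

  # Gateway (leaf) certificate: signed by the intermediate, server-auth only.
  new_key_and_csr "$dir/leaf" "vpn.example.test"
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.crt" -CAkey "$dir/int.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/leaf.ext" -out "$dir/leaf.crt" 2>/dev/null
}

# 0 only if the private key ($1) and the certificate ($2) carry the same public key.
# This decides whether the "import the RSA key pair" step is needed at all: a gateway
# certificate whose private key is gone cannot be used, whatever trustpoints you recreate.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 only if the leaf ($1) chains through the intermediate ($2) to the root ($3).
chain_validates() {
  openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Bundle key, leaf and CA chain into $1/webvpn.p12 protected by $2, then read it back.
# Assumption, not from the post: older IOS images only accept the SHA1/3DES PKCS#12
# PBE, so the algorithms are pinned instead of OpenSSL 3's AES/PBKDF2 default.
make_pkcs12() {
  dir="$1"; pass="$2"
  cat "$dir/int.crt" "$dir/root.crt" > "$dir/chain.pem"
  openssl pkcs12 -export -inkey "$dir/leaf.key" -in "$dir/leaf.crt" -certfile "$dir/chain.pem" \
    -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
    -passout "pass:$pass" -out "$dir/webvpn.p12" 2>/dev/null
  # A successful parse with the same password proves the bundle and its MAC are intact.
  openssl pkcs12 -in "$dir/webvpn.p12" -passin "pass:$pass" -noout 2>/dev/null
}

# End to end: every check must pass on a consistent chain before the file leaves the host.
demo() {
  dir="${1:-$(mktemp -d)}"
  make_demo_chain "$dir"
  key_matches_cert "$dir/leaf.key" "$dir/leaf.crt" || { echo "key does not match certificate" >&2; return 1; }
  chain_validates "$dir/leaf.crt" "$dir/int.crt" "$dir/root.crt" || { echo "chain does not validate" >&2; return 1; }
  make_pkcs12 "$dir" 'demo-p12-password'
  echo "chain OK, bundle ready at $dir/webvpn.p12"
}

demo
```

On the router, the single-file route is `crypto pki import WEBVPN-TP pkcs12 tftp://SERVER/webvpn.p12 password PASS`, which creates the trustpoint, its RSA key pair and the certificate chain in one step (the trustpoint and file names here are placeholders). The manual route the answer walks through corresponds to `crypto key generate rsa label WEBVPN-KEY modulus 2048 exportable`, a trustpoint with `rsakeypair WEBVPN-KEY` and `enrollment terminal`, `crypto pki authenticate` for the CA certificates, `crypto pki import WEBVPN-TP certificate` for the gateway certificate, and `ssl trustpoint WEBVPN-TP` under `webvpn gateway`. The `exportable` keyword is what makes the step the answer was unsure about possible at all: a key generated without it can never be pulled out with `crypto pki export WEBVPN-TP pkcs12 ...`, so export and archive the bundle right after enrolment, while the key is still on the box.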



Author: Guy at Mercator

Updated on September 18, 2022

Comments

  • Guy at Mercator
    Guy at Mercator over 1 year

    We have a Cisco 881 router hosting an SSL webvpn gateway. This gateway is used by mobile users to connect through AnyConnect 4.4. This system was correctly configured (certificates, trustpoints, SSL gateway, SSL context, ...) and working perfectly.

    Yesterday, we made a "bad" modification to the router config, so we reloaded the previous good configuration that was working correctly (copy tftp start, then router reloaded).

    Now, AnyConnect says :

    Could not connect to server. Please verify Internet connectivity and server address.

    The web page https://fqdn:port is unavailable.

    I've telnetted to publicip:port with no error. In the router, "show webvpn gateway SSL1" says the gateway is up and "show webvpn context SSL" also says the context is up.

    What could be damaged in the router config despite a good config reload and multiple reboots?