Necessary certificate on ASA 5510 for Cisco Secure Desktop?
I use Cisco Anyconnect "anyconnect-victory - 2.3.0185 - k9" and ASA 8.0.4. I want to just use CSD to prelogin and check a registry key for desktop PC.
It works fine but I still the newspaper of the SAA this message:
"Failure of the validation of certificates. No appropriate trustpoints found to validate the serial number of certificate: xxxxxxxxxxxxx, name of the object: cn = CiscoSecureDesktop.
January 5, 2009 15:00:50: % ASA-3-717027: invalid certificate chain. No appropriate trustpoint was found to validate the string. »
I need to install a certificate on ASA just to use the CSD module? Or, what is the average to avoid this log message and use a certificate of CSD?
Thanks for your help.
David.
Hi David,
The question is more aesthetic and does not affect all the features.
You can view the bug "CSCsr07594", which describes the problem and the workaround in detail.
Thank you
Naman
Tags: Cisco Security
Similar Questions
-
All necessary licenses on ASA 5510 for old Cisco VPN Client
We're trying to migrate our firewall Watchguard to a Cisco ASA 5510, who bought some time ago. For some reason, all of our users have already installed the old Cisco VPN client. I think it will work. Are there licensing issues on the 5510 I had to be concerned with? No matter what special config that needs to be done on the 5510?
Fix. You don't require licensing of AnyConnect of any type of configuration and the use of IKEv1 IPsec remote access VPN (which use the old Cisco VPN client).
You will be limited to 250 active IPsec peers (remote access more no matter what VPN site-to-site) by the platform (hardware) device capabilities that are enforced by the software.
-
Windows 2003 &; Management Center for Cisco Security Agents
I'm sorry if this question has been asked before, but I was unable to see the answer here.
The management center of CiscoWorks for Cisco Security Agents can be installed on a Windows 2003 Server?
I'm asking because I am that it is difficult to find a new server that comes with Windows 2000.
I'm not in the office at the moment, but I think the version I have is 4.5.
Thank you
Ian
You're welcome and good luck.
-
Cisco Secure Desktop installation
Hello world
I am very beginner in cisco device. in my Office I have vpn 3000 Concentrator and would use the secure desktop cisco with her
succeced, I have install Secure Desktop version 3.1.1.45. to test, I would run cisco secure desktop from my client computer (XP). that means url I enter in the internet browser?
Thank you
ADI
You would https to the public ip address of VPN concentrator.
Here is more information on how to configure CSD on VPN hub for your reference:
/ * Style definitions * / table. MsoNormalTable {mso-style-name: "Table Normal" "; mso-knew-rowband-size: 0; mso-knew-colband-size: 0; mso-style - noshow:yes; mso-style-priority: 99; mso-style - qformat:yes; mso-style-parent:" ";" mso-padding-alt: 0 cm 0 cm 5.4pt 5.4pt; mso-para-margin: 0 cm; mso-para-margin-bottom: .0001pt; mso-pagination: widow-orphan; font-size: 11.0pt; font family: 'Calibri', 'sans-serif"; mso-ascii-font-family: Calibri; mso-ascii-theme-make: minor-latin; mso-hansi-font-family: Calibri; mso-hansi-theme-make: minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-make: minor-bidi ;}"}
Hope that helps.
-
On the Cisco secure desktop PC emulator
We have an ASA 5550. We need to install the software host explore on each computer so that users can make payroll on the mainframe. It is possible to install this software on the Cisco Secure Desktop uses SSL client so that it is unnecessary to install Explorer host on each computer?
Thank you.
Diane
No, you can not use CSD to install the software you want to install. CSD provides a virtual office to provide the secure environment when you connect via VPN/SSL. CSD is not like citrix or RDP unfortunately.
-
Where can I download Cisco Secure Desktop (CSD)?
I need to download Cisco Secure Desktop and I followed the link provided below of cisco... but he gave sent me to a different link.
http://www.Cisco.com/c/en/us/TD/docs/security/CSD/csd34/configuration/gu...
http://www.Cisco.com/cgi-bin/tablebuild.pl/secureDesktop
Help please!
If you have found useful information, please mark it as correct.
Thank you.
-
pre-opening Cisco Secure Desktop policies
Hello
We just do 2 updates on our asa 5510...
1. we have improved our ASA 5510 6.21 to 6.41 firmware
2. we have also improved for the last package of csd
(we have improved from 3.5.841 to 3.5.2008)
After 2 refills, it seems that all my policies pre-opening disappeared
I try to activate / disable the CSD and they won't come back...
I only have the default policy
What can I do to get back them?
any clues on this?
Thanks for the help!
You will not be able to recover it, but check to see if one of your old configuration still exists in flash.
The CSD is stored in a file called "data.xml", there is on the flash of the SAA in the sdesktop directory. You can try to tftp this disabled the flash of the ASA file and see if it contains no remenants of your previous config of csd.
CD desktop
dir
(you should see the file called "Data.xml")
copy tftp flash:/sdesktop/data.xml
If when you view this file you don't see one of your old settings of localization of CSD, then I think you'll be out of luck unless you have a copy saved to another location.
-heather
Don't forget to note all the messages you help and mark the issue as resolved.
-
Hello
Please need help here,
I have pre-opening policies configured on my ASA 5520 (9.1. (4-6)) and adsm 7.5 (1)) but I am not able to see the page on ASDM pre-opening,
Any suggestion?
Kind regards
AM
You can use Anyconnect 4.x or 3.x with policies before logon. As long as you have installed version 3.x of the hostscan image on your ASA. You may need to downgrade the ASDM version.
However being inform security risk on shared bugs previously mentioned.
It will be useful.
-Randy-
-
Cisco Secure Desktop - can you allow to download Java applet
Hello
I am CSD test and were invited to provide access to a web site that tries to open it and insert a Java Applet which enabels user to use a finance app.
However, I set up the CSD, I get an error when the finance Java applet tries to install.
Is there a way to allow this Java to be installed on the CSD?
Thanks for any help/suggestions
concerning
Bryn
Perhaps this document could gve you an idea.
-
ASA 5510 - tips for setting up - no internet
Hi all
I'll set up an ASA 5510 for the first time using the GUI.
I put 0/0 0/1 and outside as inside.
I set up outside with the static WAN address, and it is connected to my ISP.
But I can't do everything Internet works on the inner harbor. I've read elsewhere, I need to add a static route. Can someone please advise?
You must place a default route to carry traffic from inside to outside. Use the GUI to place a static route 0.0.0.0 0.0.0.0 for the ip address of your next hop ip of the connection to the ISP.
Sent by Cisco Support technique Android app
-
VPN on ASA-5510 with Configure a dynamic encryption card
Hi all
My name is ping, I have ASA-5510 for site to site VPN configuration, but am not clear with a few conifguration on ASA-5510 series, not sure on poin than, when I install on other sets of cisco router I can use
ASA2 (config) #crypto card outside-card 10 ipsec-isakmp
% NOTE: this new map encryption will remain disabled until a peer
and a valid access list have been configured.
........
but, when I configure ASA 5510 it as below:
mtelcoASA2 (config) # crypto?
set up the mode commands/options:
CA Certification Authority
dynamic-map set up a dynamic encryption card
IPSec transform-set set, life of the IPSec Security Association and fragmentation
ISAKMP configure ISAKMP
main activities key long-term
card to configure an encryption card
ASA2 (config) # map outside-map 10 ipsec-isakmp crypto ?
set up the mode commands/options:
Entry dynamic is a dynamic map
"Set up a dynamic crypto map" which uses for and why I can't use only "map outside-map 10 ipsec-isakmp crypto" and if not can't, can I skip this command or tell me the other way with explanation with nicely,
Thank you very much
hot topic,
Ping,
Just use crypto card outside-map 10 match/set without ipsec-isakmp key word and it will be fine.
-
Issue of ASA 5540 and secure desktop Configuration
Hey guys, I have the program installation and tested AnyConnect VPN and Cisco Secure Desktop successfully.
Here's my question: is it possible to install two groups of VPN users, using Secure Desktop and who does not. Example of the groups below:
Group 1: Corporate computers laptops that are not standard AnyConnect VPN Secure Desktop client.
Group 2: Contractor and personal computers that cannot use the Cisco Secure Desktop via AnyConnect VPN.
Thanks for you help guys!
It is now possible to the 8.2.1. You can disable the CSD on a per database connection profile, you use Group URL subject.
-
Cisco Anyconnect/WebVPN license for ASA 5510
Hello
Someone could please check the licenses for ASA 5510 attachment and let me know. We currently have ASA 5510 with basic license. According to the table attached under VPN sessions, he mentions that "250 combined SESSIONS IPSec and WebVPN" and to "Max box of WebVPN Session" it is mentioned that 2nd meeting, exceeding that we must buy license optional webvpn. While we the 250 combined license for IPSec and webVPN. We must purchase additional anyconnect license to set up remote access for users who want to use the internal resources from outside the network. OrElse, we don't have to purchase license and can configure webvpn/anyconnect of existing combined license existing users basic ASA license? Waiting for your response. Thank you.
You are welcome.
1 Yes
2 AnyConnect requires no Java, but it can he use when connecting to one AnyConnect SSL VPN client and launch the Web browser option start Java-based. There was a bug with the AnyConnect old versions had later who should have addresses. You also have the option to launch via IE and using ActiveX or simply throw AnyConnect directly - neither of these two methods require Java.
Here is a document TAC on the Java questions if you want more details.
Please take a moment to note the useful messages and mark your answers questions.
-
Cisco ASA 5510 multiple dynamic config VPN L2L necessary
Hello
We have a Cisco asa 5510 with static IP address. Also, we have a remote office with a dynamic IP address. We now have a dynamic to static VPN configured L2L. And now, we must add new tunnel to another site with a dynamic IP address. Is this possible? Does anyone have an example of woking, or manual?
Oleg Kobelev
The config only you need in the ASA is: -.
(1) set of crypto processing
(2) political ISAKMP
(3) dynamic Crypto map
(4) default group L2L & PSK
(5) Config RRI (reverse Route Injection)
HTH >
-
Cisco ASA 5510 + license + AIP - SSM
Hello.
I have this box.
I have a few questions about it.
(1) I'll be able to update the firmware (from 8.2 to 8.3 or greater for example) without smarnet for ASA 5510? And what can not do without smartnet?
(2) I have only AIP-SSM-10 module this ASA 5510. is there a smartnet, too? And when I buy only one module is it build in a subscription for 1 year for the signatures of the IPS?
(3) if I have the Cisco ASA 5510 base license, my IPS on AIP-SSM-10 will work?
(4) as I foresee in a purchase of the year a 5510 more with the same module and mount ther of failover. I really need license Security more than failover (active / standby)? For active/active, I know I need one, Yes?
Please help me.
(1) you must Smartnet in order to download the software from the download from cisco.com site.
(2) Yes, there is also a smartnet for the AIP module. Module AIP does not come with one year subscription, but you can ask for a demo license.
(3) Yes, the basic license is OK for the AIP module.
(4) Yes, you would need license security more on the two ASA to be able to run any type of failover on ASA5510.
Hope that answers your questions.
Maybe you are looking for
-
New Satellite C850D-11 q SYSTEM_SERVICE_EXCEPTION
Hi, can someone help with the problem annoying fricking I get a blue screen with the error,SYSTEM_SERVICE_EXCEPTIONUsually its when I'm on ebay or a similar site. PC world has changed the computer laptop and do it again. I can't take another laptop t
-
Car dock - how to make the Favorites for the dialer?
The new dock car software is awesome... best reader of music, better... But the appeal section, which has a favorite option gives me problems. I have a favorite and it seems to me be my google account. I can't find any way to add favorites to the scr
-
Satellite A200 problem with SDHC card reader
Helloin my notebook, I had two OS, Windows XP Pro 32-bit and Windows Vista Home Premium 32 bit and Win Xp card reader work well, read all types of (standard and HC) SD cards but in vista to read only the standard map: (.) I have install and tryied al
-
When I access my facebook account, it freezes. Then, I get the "not responding" error messages How can I fix this?
-
"The application failed to start because its side-by-side configuration is incorrect."
original title: Please answer me Hello, I just downloaded yahoo Messenger 11. I have windows vista, and the installation went well. Now, whenever I try to start it, I have a Kaspersky Anti-virus program. As you approach the end of the installation of