Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
2
Helpful
3
Replies

Cisco ASA 5525 CA Root Certificate update for remote VPN Users connect

Go to solution
makarand17zx
Level 1
Level 1

‎08-30-2023 03:15 AM

Hi Team,

We are going to add new CA Root Certificate along with the existing one for our VPN remote user (Any client user) on our ASA 5525. We would create a new trust point and enroll that certificate on ASA.

so, after then, do we require to download AnyConnect client profile (in xml format) manually and need to put on MAC machines?

Thanks

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to makarand17zx

‎08-30-2023 08:29 AM

@makarand17zx that image is old, you may wish to consider anyconnect v4.10 or secure client 5.0 (the new name for anyconnect). If you are also connecting with windows devices you must upload the windows image to the ASA.

You will only need to change the XML profile if you changed the FQDN in the certificate, if you just renewed the certificate then you won't need to modify the XML profile.

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎08-30-2023 03:24 AM

@makarand17zx

Yes pre-deploy the XML profile to the client devices will be the best thing to do. You can add the XML profile to the ASA itself, once the user connects the profile is downloaded...but the user must manually connect to the ASA in the first place.

You will need to ensure you upload the anyconnect or secure client 5.0 headend package to the ASA for each OS (Windows and MAC). Without the headend package on the ASA the client devices will be unable to connect.

 

Go to solution
makarand17zx
Level 1
Level 1
In response to Rob Ingram

‎08-30-2023 08:25 AM

Hi Rob,

thank you for the response. We do have below packages on ASA, would they fine.

anyconnect image disk0:/anyconnect-macos-4.9.06037-webdeploy-k9.pkg 4

XML profile is already there in ASA, do we need to create or add new XML profile to ASA again after this certificate update.

Best Regards,

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to makarand17zx

‎08-30-2023 08:29 AM

@makarand17zx that image is old, you may wish to consider anyconnect v4.10 or secure client 5.0 (the new name for anyconnect). If you are also connecting with windows devices you must upload the windows image to the ASA.

You will only need to change the XML profile if you changed the FQDN in the certificate, if you just renewed the certificate then you won't need to modify the XML profile.

Customers Also Viewed These Support Documents