Cisco AnyConnect Secure Mobility Client v3.x Release Notes
Release Notes for Cisco AnyConnect Secure Mobility Client 3.0.x for Android Mobile Devices
New Features in AnyConnect 3.0.09073
Valid, but untrusted server certificates are reviewed, authorized, and imported by the user. Once this
server certificate is imported into the AnyConnect store, subsequent connections made to the server
using this digital certificate are automatically accepted. The server certificate can be removed from the
AnyConnect certificate store if it is no longer needed.
Invalid certificates are not imported into the AnyConnect store, but can be accepted by the user to
complete the current connection. This is not recommended.
Blocking Untrusted Servers
AnyConnect has been updated to provide improved security protection when accessing secure gateways.
A new Block Untrusted Servers application setting determines how AnyConnect blocks connections if
it cannot identify the secure gateway. This protection is ON by default; it can be turned OFF by the user,
but this is not recommended.
AnyConnect uses the digital certificate received from the server to verify its identity. If the certificate is
invalid (there is a certificate error due to an expired or invalid date, wrong key usage, or a name
mismatch), or if it is untrusted (the certificate cannot be verified by a Certificate Authority), or both, the
connection is blocked. A blocking message displays, and the user must choose how to proceed.
When Block Untrusted Servers is ON, a blocking Untrusted VPN Server notification alerts the user
to this security threat. The user can choose:
• Keep Me Safe to terminate this connection and remain safe.
• Change Settings to turn the Block Untrusted Servers application preference OFF, but this is not
recommended. After the user disables this security protection, they must reinitiate the VPN
connection.
When Block Untrusted Servers is OFF, a nonblocking Untrusted VPN Server notification alerts the
user to this security threat. The user can choose to:
• Cancel the connection and remain safe.
• Continue the connection, but this is not recommended.
• View Details of the certificate.
If the certificate that the user is viewing is valid but untrusted, the user can:
– Import the server certificate into the AnyConnect certificate store for future use and continue
the connection by selecting Import and Continue. Once this certificate is imported into the
AnyConnect store, subsequent connections made to the server using this digital certificate are
automatically accepted.
– Go back to the previous screen and choose Cancel or Continue.
If the certificate is invalid, for any reason, the user can only return to the previous screen and choose
Cancel or Continue.
Leaving the Block Untrusted Servers setting ON, having a valid, trusted server certificate configured
on your secure gateway, and instructing your mobile users to always choose Keep Me Safe is the safest
configuration for VPN connectivity to your network.
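The decision flow described in this section, modeled as an added Python example (not Cisco code and not part of the original release notes). The class, function and field names, the `cert_id` placeholder and the sample certificate are constructed for illustration; treating an imported certificate as accepted regardless of the Block Untrusted Servers setting is an assumption.

```python
from dataclasses import dataclass

# Notification names and button labels are taken from the release notes above.
ACCEPT, BLOCKING, NONBLOCKING = "accept", "blocking notice", "nonblocking notice"

@dataclass(frozen=True)
class ServerCert:
    cert_id: str        # constructed placeholder for the certificate's identity
    date_ok: bool       # not expired, no invalid date
    key_usage_ok: bool
    name_matches: bool
    ca_verified: bool   # can be verified by a Certificate Authority

    @property
    def valid(self) -> bool:
        return self.date_ok and self.key_usage_ok and self.name_matches

def evaluate(cert, block_on=True, store=frozenset()):
    """Return (outcome, choices offered to the user)."""
    # Assumption: a stored certificate that later becomes invalid prompts again.
    if cert.valid and (cert.ca_verified or cert.cert_id in store):
        return ACCEPT, []
    if block_on:
        return BLOCKING, ["Keep Me Safe", "Change Settings"]
    choices = ["Cancel", "Continue", "View Details"]
    if cert.valid:  # valid but untrusted: import is offered under View Details
        choices.append("Import and Continue")
    return NONBLOCKING, choices

def choose(cert, action, block_on=True, store=frozenset()):
    """Apply one user choice; return (connected, block_on, store)."""
    outcome, choices = evaluate(cert, block_on, store)
    if outcome == ACCEPT:
        return True, block_on, store
    if action not in choices:
        raise ValueError(f"{action!r} is not offered for this {outcome}")
    if action == "Change Settings":      # protection OFF, user must reconnect
        return False, False, store
    if action == "Import and Continue":  # stored for future connections
        return True, block_on, store | {cert.cert_id}
    return action == "Continue", block_on, store

if __name__ == "__main__":
    # Constructed sample: a valid certificate that no CA vouches for.
    self_signed = ServerCert("gw-cert-A", True, True, True, False)
    state = choose(self_signed, "Change Settings")
    print(state)
    state = choose(self_signed, "Import and Continue", state[1], state[2])
    print(state, evaluate(self_signed, True, state[2]))
```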