Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
Revocation Message
An AnyConnect certificate revocation warning popup window opens after authentication if AnyConnect attempts to verify a server
certificate that specifies the distribution point of an LDAP certificate revocation list (CRL) if the distribution point is only internally
accessible.
certificate that specifies the distribution point of an LDAP certificate revocation list (CRL) if the distribution point is only internally
accessible.
If you want to avoid the display of this popup window, do one of the following:
• Obtain a certificate without any private CRL requirements.
• Disable server certificate revocation checking in Internet Explorer.
Disabling server certificate revocation checking in Internet Explorer can have severe
security ramifications for other uses of the OS.
security ramifications for other uses of the OS.
Caution
Messages in the Localization File Can Span More than One Line
If you try to search for messages in the localization file, they can span more than one line, as shown in the example below:
msgid ""
"The service provider in your current location is restricting access to the "
"Secure Gateway. "
"The service provider in your current location is restricting access to the "
"Secure Gateway. "
AnyConnect for Mac OS X Performance when Behind Certain Routers
When the AnyConnect client for Mac OS X attempts to create an SSL connection to a gateway running IOS, or when the AnyConnect
client attempts to create an IPsec connection to an ASA from behind certain types of routers (such as the Cisco Virtual Office (CVO)
router), some web traffic may pass through the connection while other traffic drops. AnyConnect may calculate the MTU incorrectly.
client attempts to create an IPsec connection to an ASA from behind certain types of routers (such as the Cisco Virtual Office (CVO)
router), some web traffic may pass through the connection while other traffic drops. AnyConnect may calculate the MTU incorrectly.
To work around this problem, manually set the MTU for the AnyConnect adaptor to a lower value using the following command
from the Mac OS X command line:
from the Mac OS X command line:
sudo ifconfig utun0 mtu 1200 (For Mac OS X v10.7 and later)
Preventing Windows Users from Circumventing Always-on
On Windows computers, users with limited or standard privileges may sometimes have write access to their program data folders.
This could allow them to delete the AnyConnect profile file and thereby circumvent the always-on feature. To prevent this, configure
the computer to restrict access to the C:\ProgramData folder, or at least the Cisco sub-folder.
This could allow them to delete the AnyConnect profile file and thereby circumvent the always-on feature. To prevent this, configure
the computer to restrict access to the C:\ProgramData folder, or at least the Cisco sub-folder.
Avoid Wireless-Hosted-Network
Using the Windows 7 or later
feature can make AnyConnect unstable. When using AnyConnect, we do
not recommend enabling this feature or running front-end applications that enable it (such as Connectify or Virtual Router).
25