Cisco AnyConnect Secure Mobility Client v3.x Release Notes
Release Notes for Cisco AnyConnect Secure Mobility Client 3.0.x, for Apple iOS
New Features in AnyConnect 3.0.09097
– ike-identity: The IKE identity when AUTHENTICATION is set to EAP-GTC, EAP-MD5, or EAP-MSCHAPv2. This
parameter is invalid when used for other authentication settings.
For URI details, see section in Chapter 13, “Administering AnyConnect for Mobile Devices” of the
Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0 manual.
• Extensions have been made to the anyconnect:connect command to open a specified URL or close the AnyConnect UI
based on the results of the connect action. For example:
anyconnect://connect?host=vpn.company.com&onerror=http%3A%2F%2Fwww.cisco.com%2Ffailure.html&onsuccess=http%3A%2F%2Fwww.cisco.com
anyconnect://connect?host=vpn.company.com&onsuccess=anyconnect%3A%2F%2Fclose
– onerror: Specify the URL to be opened when this connection transitions into the disconnected state, or use the
anyconnect%3A%2F%2Fclose command to close the AnyConnect GUI.
– onsuccess: Specify the URL to be opened when this connection transitions into the connected state, or use the
anyconnect%3A%2F%2Fclose command to close the AnyConnect GUI.
For URI details, see section in Chapter 13, “Administering AnyConnect for Mobile Devices” of the
Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0 manual.
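An added example, not taken from Cisco's release notes or the Administrator Guide: a Python sketch that builds a connect link with the onerror and onsuccess callbacks percent-encoded as in the examples above, and audits a link before it is distributed to users. The function names, the allowlist policy (callbacks must be anyconnect://close or an allowed scheme on an allowed host) and any sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote, urlencode

CLOSE = "anyconnect://close"  # callback value the page gives for closing the GUI

def build_connect_uri(host, onerror=None, onsuccess=None):
    """Build an anyconnect://connect link with percent-encoded callbacks."""
    params = {"host": host}
    if onerror:
        params["onerror"] = onerror
    if onsuccess:
        params["onsuccess"] = onsuccess
    # safe="" forces ':' and '/' inside callback URLs to be encoded (%3A, %2F),
    # so a callback's own characters cannot be read as part of the outer URI.
    return "anyconnect://connect?" + urlencode(params, quote_via=quote, safe="")

def audit_connect_uri(uri, allowed_hosts, allowed_schemes=("https",)):
    """Return a list of findings for a connect link; an empty list means it passed.

    The policy is an assumption of this example, not AnyConnect behaviour.
    """
    parts = urlsplit(uri)
    if parts.scheme != "anyconnect" or parts.netloc != "connect":
        return ["not an anyconnect://connect URI"]
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    findings = []
    if len(query.get("host", [])) != 1:
        findings.append("host: expected exactly one value")
    for name in ("onerror", "onsuccess"):
        values = query.get(name, [])
        if len(values) > 1:
            findings.append(f"{name}: specified more than once")
        for value in values:
            if value == CLOSE:
                continue
            target = urlsplit(value)
            if target.scheme not in allowed_schemes:
                findings.append(f"{name}: scheme {target.scheme!r} not allowed")
            elif target.hostname not in allowed_hosts:
                findings.append(f"{name}: host {target.hostname!r} not in allowlist")
    return findings
```
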
Server Certificate Management Enhancements
AnyConnect now imports user-authorized server certificates to the AnyConnect certificate store during the connection process.
A user is given the opportunity to import a server certificate if it is not automatically accepted by AnyConnect. Only valid,
trusted server certificates are automatically accepted by AnyConnect. See below for the procedure
to do this.
Valid, but untrusted server certificates are reviewed, authorized, and imported by the user. Once this server certificate is
imported into the AnyConnect store, subsequent connections made to the server using this digital certificate are automatically
accepted. The server certificate can be removed from the AnyConnect certificate store if it is no longer needed.
Invalid certificates are not imported into the AnyConnect store, but can be accepted by the user to complete the current
connection. This is not recommended.
Blocking Untrusted Servers
AnyConnect has been updated to provide improved security protection when accessing secure gateways.
A new Block Untrusted Servers application setting determines how AnyConnect blocks connections if it cannot identify the
secure gateway. This protection is ON by default; it can be turned OFF by the user, but this is not recommended.
AnyConnect uses the digital certificate received from the server to verify its identity. If the certificate is invalid (there is a
certificate error due to an expired or invalid date, wrong key usage, or a name mismatch), or if it is untrusted (the certificate
cannot be verified by a Certificate Authority), or both, the connection is blocked. A blocking message displays, and the user
must choose how to proceed.
When Block Untrusted Servers is ON, a blocking Untrusted VPN Server notification alerts the user to this security threat.
The user can choose:
• Keep Me Safe to terminate this connection and remain safe.
• Change Settings to turn the Block Untrusted Servers application preference OFF, but this is not recommended. After the
user disables this security protection, they must reinitiate the VPN connection.