Cisco AnyConnect Secure Mobility Client v3.x Release Notes

Release Notes for Cisco AnyConnect Secure Mobility Client 3.0.x, for Apple iOS
 
  New Features in AnyConnect 3.0.09097
ike-identity: The IKE identity when AUTHENTICATION is set to EAP-GTC, EAP-MD5, or EAP-MSCHAPv2. This parameter is invalid when used for other authentication settings.
For URI details, see 
section in Chapter 13, “Administering 
AnyConnect for Mobile Devices” of the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0 
manual.
Extensions have been made to the anyconnect:connect command to open a specified URL or close the AnyConnect UI based on the results of the connect action. For example:
anyconnect://connect?host=vpn.company.com&onerror=http%3A%2F%2Fwww.cisco.com%2Ffailure.html&onsuccess=http%3A%2F%2Fwww.cisco.com
anyconnect://connect?host=vpn.company.com&onsuccess=anyconnect%3A%2F%2Fclose
onerror: Specify the URL to be opened when this connection transitions into the disconnected state, or use the anyconnect%3A%2F%2Fclose command to close the AnyConnect GUI.
onsuccess: Specify the URL to be opened when this connection transitions into the connected state, or use the anyconnect%3A%2F%2Fclose command to close the AnyConnect GUI.
For URI details, see
 section in Chapter 13, “Administering 
AnyConnect for Mobile Devices” of the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0 
manual.
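The percent-encoding used in the onerror and onsuccess examples above, as an added Python example that is not part of the Cisco release notes: it rebuilds both example URIs and reviews a URI's callbacks before it is distributed. The function names and the review policy (callbacks limited to the close action or http(s) URLs on an allowlisted host) are assumptions for illustration, not AnyConnect behavior.

```python
from urllib.parse import quote, urlsplit, parse_qs

CLOSE = "anyconnect://close"          # close-the-UI action named on this page
CALLBACKS = ("onerror", "onsuccess")  # callback parameters named on this page


def build_connect_uri(host, onerror=None, onsuccess=None):
    """Build an anyconnect://connect URI with percent-encoded callbacks."""
    parts = ["host=" + quote(host, safe="")]
    for name, value in (("onerror", onerror), ("onsuccess", onsuccess)):
        if value is not None:
            # safe="" encodes ':' and '/' too, matching the page's examples
            parts.append(name + "=" + quote(value, safe=""))
    return "anyconnect://connect?" + "&".join(parts)


def audit_connect_uri(uri, allowed_hosts):
    """Return a list of findings; an empty list means the URI passed.

    Assumed review policy (not Cisco's): each callback must be the close
    action or an http(s) URL whose host is in allowed_hosts.
    """
    split = urlsplit(uri)
    if split.scheme != "anyconnect" or split.netloc != "connect":
        return ["not an anyconnect://connect URI"]
    params = parse_qs(split.query, keep_blank_values=True)
    findings = []
    if len(params.get("host", [])) != 1:
        findings.append("host must appear exactly once")
    for name in CALLBACKS:
        values = params.get(name, [])
        if len(values) > 1:
            findings.append(name + " appears more than once")
        for value in values:
            if value == CLOSE:
                continue
            target = urlsplit(value)
            if target.scheme not in ("http", "https"):
                findings.append(name + " uses scheme " + repr(target.scheme))
            elif target.hostname not in allowed_hosts:
                findings.append(name + " targets host " + repr(target.hostname))
    return findings
```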
Server Certificate Management Enhancements
AnyConnect now imports user-authorized server certificates to the AnyConnect certificate store during the connection process.
A user is given the opportunity to import a server certificate if it is not automatically accepted by AnyConnect. Only valid, 
trusted server certificates are automatically accepted by AnyConnect. See 
 below for the procedure 
to do this.
Valid, but untrusted server certificates are reviewed, authorized, and imported by the user. Once this server certificate is 
imported into the AnyConnect store, subsequent connections made to the server using this digital certificate are automatically 
accepted. The server certificate can be removed from the AnyConnect certificate store if it is no longer needed. 
Invalid certificates are not imported into the AnyConnect store, but can be accepted by the user to complete the current 
connection. This is not recommended. 
Blocking Untrusted Servers
AnyConnect has been updated to provide improved security protection when accessing secure gateways.
A new Block Untrusted Servers application setting determines how AnyConnect blocks connections if it cannot identify the 
secure gateway. This protection is ON by default; it can be turned OFF by the user, but this is not recommended. 
AnyConnect uses the digital certificate received from the server to verify its identity. If the certificate is invalid (there is a 
certificate error due to an expired or invalid date, wrong key usage, or a name mismatch), or if it is untrusted (the certificate 
cannot be verified by a Certificate Authority), or both, the connection is blocked. A blocking message displays, and the user 
must choose how to proceed.
When Block Untrusted Servers is ON, a blocking Untrusted VPN Server notification alerts the user to this security threat. 
The user can choose:
Keep Me Safe to terminate this connection and remain safe.
Change Settings to turn the Block Untrusted Servers application preference OFF, but this is not recommended. After the 
user disables this security protection, they must reinitiate the VPN connection.