Cisco AnyConnect Secure Mobility Client v3.x User Guide
iPad User Guide for Cisco AnyConnect Secure Mobility Client, Release 3.0.x
Managing AnyConnect
Blocking Untrusted Servers
This application setting determines whether AnyConnect automatically blocks connections when it is
unable to identify the secure gateway. This protection is ON by default. It can be turned OFF, but this
is not recommended.
AnyConnect uses the certificate received from the server to verify its identity. If there is a certificate
error due to an expired or invalid date, wrong key usage, or a name mismatch, the connection is blocked.
When this setting is ON, a blocking Untrusted VPN Server! notification alerts you to this security threat.
Step 1
Inside the AnyConnect app, tap Settings > Theme.
Step 2
Tap the Block Untrusted Servers switch to enable or disable automatic blocking.
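The three certificate errors named above (expired or invalid date, wrong key usage, name mismatch) can be expressed as checks over already-parsed certificate fields. The following is an added example, not AnyConnect's own code: the ServerCert record, the function names, the required usage values and the sample certificates are assumptions constructed for illustration, and certificate chain validation is out of scope.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class ServerCert:
    """Already-parsed certificate fields (constructed record, not a real X.509 parser)."""
    not_before: datetime
    not_after: datetime
    dns_names: list                      # subjectAltName DNS entries
    key_usage: set = field(default_factory=set)
    ext_key_usage: set = field(default_factory=set)

def name_matches(pattern, host):
    """Exact match, or one wildcard as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def certificate_errors(cert, host, now=None):
    """Return the reasons to block; an empty list means all three checks passed."""
    now = now or datetime.now(timezone.utc)
    errors = []
    if not (cert.not_before <= now <= cert.not_after):
        errors.append("expired or invalid date")
    # Assumption: a gateway certificate needs a signing or key-transport key
    # usage, and serverAuth whenever an extended key usage list is present.
    ku_ok = not cert.key_usage or cert.key_usage & {"digitalSignature", "keyEncipherment"}
    eku_ok = not cert.ext_key_usage or "serverAuth" in cert.ext_key_usage
    if not (ku_ok and eku_ok):
        errors.append("wrong key usage")
    if not any(name_matches(n, host) for n in cert.dns_names):
        errors.append("name mismatch")
    return errors

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample certificates, evaluated at a fixed point in time.
NOW = utc(2024, 6, 1)
USAGE = dict(key_usage={"digitalSignature", "keyEncipherment"}, ext_key_usage={"serverAuth"})
GOOD = ServerCert(utc(2024, 1, 1), utc(2025, 1, 1), ["vpn.example.com"], **USAGE)
EXPIRED = ServerCert(utc(2023, 1, 1), utc(2024, 3, 1), ["*.example.com"], **USAGE)
CLIENT_ONLY = ServerCert(utc(2024, 1, 1), utc(2025, 1, 1), ["vpn.example.com"],
                         key_usage={"digitalSignature"}, ext_key_usage={"clientAuth"})

if __name__ == "__main__":
    for label, cert in [("good", GOOD), ("expired", EXPIRED), ("client-only", CLIENT_ONLY)]:
        print(label, certificate_errors(cert, "vpn.example.com", NOW) or "trusted")
```

A wildcard entry covers exactly one label, so the constructed *.example.com certificate matches vpn.example.com but not a.vpn.example.com.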
Setting FIPS Mode
FIPS Mode makes use of Federal Information Processing Standards (FIPS) cryptography algorithms for
all IPsec VPN connections. Your administrator informs you if you need to enable FIPS mode on your
mobile device for IPsec VPN connectivity to your network.
Step 1
Inside the AnyConnect app, tap Settings.
Step 2
Tap the FIPS Mode switch to enable or disable FIPS Mode.
Managing Certificates
Certificates are used to digitally identify each end of the VPN connection: the secure gateway, or the
server, and the AnyConnect client, or the user. A server certificate identifies the secure gateway to
AnyConnect; a user certificate identifies the AnyConnect user to the secure gateway. Certificates are
obtained from and verified by Certificate Authorities (CAs).
When establishing a connection, AnyConnect always expects a server certificate from the secure
gateway. The secure gateway only expects a certificate from AnyConnect if it has been configured to do
so. Expecting the AnyConnect user to manually enter credentials is another way to authenticate a VPN
connection. In fact, the secure gateway can be configured to authenticate AnyConnect users with a
digital certificate, with manually entered credentials, or with both. Certificate-only authentication allows
VPNs to connect without user intervention.
Distribution and use of certificates to the secure gateway and to your device is directed by your
administrator. Follow directions provided by your administrator to import, use, and manage server and
user certificates for AnyConnect VPNs. Information and procedures in this document related to
certificates and certificate management are provided for your understanding and reference.
AnyConnect stores both user and server certificates for authentication in its own certificate store. The
AnyConnect certificate store is managed from the Diagnostics > Certificates screen.
User Certificate Management
In order for you, the AnyConnect user, to authenticate to the secure gateway using a digital certificate,
you need a User certificate in the AnyConnect certificate store on your device. User certificates are
imported using one of the following methods as directed by your administrator: