Cisco Cisco AnyConnect Secure Mobility Client v3.x 發佈版本通知
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1
Guidelines and Limitations
23
The Edit String window opens.
1.
Enter No.
2.
Click OK.
3.
Close the Registry Editor window.
Revocation Message
An AnyConnect certificate revocation warning popup window opens after authentication if AnyConnect attempts
to verify a server certificate that specifies the distribution point of an LDAP certificate revocation list (CRL) if the
distribution point is only internally accessible.
to verify a server certificate that specifies the distribution point of an LDAP certificate revocation list (CRL) if the
distribution point is only internally accessible.
If you want to avoid the display of this popup window, do one of the following:
Obtain a certificate without any private CRL requirements.
Disable server certificate revocation checking in Internet Explorer.
Note:
Disabling server certificate revocation checking in Internet Explorer can have severe security ramifications
for other uses of the OS.
Messages in the Localization File Can Span More than One Line
If you try to search for messages in the localization file, they can span more than one line, as shown in the example
below:
below:
msgid ""
"The service provider in your current location is restricting access to the "
"Secure Gateway. "
AnyConnect for Mac OS X Performance when Behind Certain Routers
When the AnyConnect client for Mac OS X attempts to create an SSL connection to a gateway running IOS, or
when the AnyConnect client attempts to create an IPsec connection to an ASA from behind certain types of routers
(such as the Cisco Virtual Office (CVO) router), some web traffic may pass through the connection while other
traffic drops. AnyConnect may calculate the MTU incorrectly.
when the AnyConnect client attempts to create an IPsec connection to an ASA from behind certain types of routers
(such as the Cisco Virtual Office (CVO) router), some web traffic may pass through the connection while other
traffic drops. AnyConnect may calculate the MTU incorrectly.
To work around this problem, manually set the MTU for the AnyConnect adaptor to a lower value using the
following command from the Mac OS X command line:
following command from the Mac OS X command line:
sudo ifconfig utun0 mtu 1200
(For Mac OS X v10.6 and later)
Preventing Windows Users from Circumventing Always-on
On Windows computers, users with limited or standard privileges may sometimes have write access to their
program data folders. This could allow them to delete the AnyConnect profile file and thereby circumvent the
always-on feature. To prevent this, configure the computer to restrict access to the following folders (or at least
the Cisco sub-folder):
program data folders. This could allow them to delete the AnyConnect profile file and thereby circumvent the
always-on feature. To prevent this, configure the computer to restrict access to the following folders (or at least
the Cisco sub-folder):
For Windows 7 or later users: C:\ProgramData