Cisco ASA – Redirect AnyConnect SSL VPN to New Address/URL

cisco-anyconnect cisco-asa sslvpn

We have changed our ASA's DNS name from vpn-1.old-domain.com to vpn-1.new-domain.com. The connection profile on a user's PC contains the old VPN host: vpn-1.old-domain.com. So, on connection, an SSL certificate error will be displayed, such as SSL_ERROR_BAD_CERT_DOMAIN in Firefox.

Can the ASA redirect an AnyConnect SSL VPN connection from the old DNS name to the new one? Maybe there is another, more straightforward, correct way?
The ASA version is 9.6(2)13.

Best Answer

The client just connects to an IP address so the ASA doesn't know which name the client resolved to get that IP address, and hence it cannot do any redirection.

The only 2 options I see are:

  1. create a new profile (containing the new name) and distribute this to your users somehow out-of-band (e.g. email it to them or email them a URL from which to download it)

  2. create a new profile on the ASA and tell your users to ignore the certificate warning (just this once :)) so they are able to connect, which will automatically update the profile.
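
For either option the new profile has to carry the new name. One way to derive it from an existing profile, as an added example that is not part of the original answer: the script rewrites only `HostAddress` entries that exactly match the old FQDN. It assumes the usual AnyConnect profile layout (`ServerList/HostEntry/HostAddress`); the sample profile and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.xmlsoap.org/encoding/"  # namespace used by AnyConnect profile XML
OLD_HOST = "vpn-1.old-domain.com"
NEW_HOST = "vpn-1.new-domain.com"

# Constructed sample profile, not taken from a real deployment.
SAMPLE_PROFILE = f"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="{NS}">
  <ServerList>
    <HostEntry>
      <HostName>Corporate VPN</HostName>
      <HostAddress>VPN-1.old-domain.com</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>Lab VPN</HostName>
      <HostAddress>lab.example.net</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

def retarget_profile(xml_text, old=OLD_HOST, new=NEW_HOST):
    """Return (new_xml, changed_count) with matching HostAddress entries moved to `new`."""
    ET.register_namespace("", NS)  # keep the default namespace on output
    root = ET.fromstring(xml_text.encode("utf-8"))
    changed = 0
    for entry in root.iter(f"{{{NS}}}HostEntry"):
        addr = entry.find(f"{{{NS}}}HostAddress")
        # DNS names are case-insensitive; match the whole FQDN, never a substring,
        # so unrelated hosts in the same profile are left alone.
        if addr is not None and (addr.text or "").strip().lower() == old.lower():
            addr.text = new
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed

def hosts_in(xml_text):
    """List every HostAddress value in a profile, for a before/after check."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [a.text.strip() for a in root.iter(f"{{{NS}}}HostAddress") if a.text]

if __name__ == "__main__":
    updated, count = retarget_profile(SAMPLE_PROFILE)
    print(f"{count} HostAddress entry updated")
    print(updated)
```

Running it a second time on its own output changes nothing, which makes it safe to apply to a directory of profiles where some have already been updated.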