Cisco AnyConnect: could not connect to server after previous config reload

Tags: anyconnect, cisco, router

We have a Cisco 881 router hosting an SSL WebVPN gateway. This gateway is used by mobile users to connect through AnyConnect 4.4.
This system was correctly configured and working perfectly (certificates, trustpoints, SSL gateway, SSL context, …).

Yesterday, we made a "bad" modification in the router config. So we reloaded the previous good configuration that was working correctly (copy tftp start, then router reloaded).

Now, AnyConnect says:

Could not connect to server. Please verify Internet connectivity and server address.

The web page https://fqdn:port is unavailable.

I've telnetted to publicip:port. No error.
In the router, "show webvpn gateway SSL1" says the gateway is up, and "show webvpn context SSL" also says the context is up.

What could be damaged in the router config despite a good config reload and multiple reboots?

Best Answer

As stated in the third comment above, the solution was to recreate the full certificate chain:

  • Import the RSA key pair
  • Recreate the trustpoint for this RSA key pair
  • Import CA root and intermediate certificates and recreate the corresponding trustpoints
  • Import the final SSL certificate

Not sure that the first step (normally impossible if the RSA key pair has not been previously exported or is not exportable) was really necessary. But it works.

Best regards,

Guy
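The four steps in the accepted answer, written out as an IOS CLI session. This is an added example, not the answerer's own configuration: the key label (SSLKEY), trustpoint names (ROOT-CA, INTERMEDIATE-CA, SSL-TP), passphrase and the existing gateway name SSL1 are assumptions, and the PEM blocks pasted at each prompt are stand-ins for your own material. The checks at the start matter because RSA key pairs are stored outside the text configuration: restoring startup-config from TFTP brings back the trustpoint stanzas and certificates, but cannot bring back a key pair that is no longer present, so a gateway whose certificate references a missing key shows "up" while the TLS handshake fails.

```cisco
! --- 0. Verify before rebuilding: does the key pair behind the SSL trustpoint still exist?
show crypto key mypubkey rsa
show crypto pki trustpoints status
show crypto pki certificates

! --- 1. Import the RSA key pair (only possible if it was exported earlier as exportable PEM)
!     Paste the public key, then the passphrase-encrypted private key, at the prompts.
configure terminal
crypto key import rsa SSLKEY pem terminal EXAMPLE-PASSPHRASE
! <paste public key PEM, then private key PEM, end each with "quit">

! --- 2. Trustpoints for the CA chain; authenticate each with the corresponding CA certificate
crypto pki trustpoint ROOT-CA
 enrollment terminal pem
 revocation-check none
exit
crypto pki authenticate ROOT-CA
! <paste root CA certificate PEM, then "quit", then confirm the fingerprint>

crypto pki trustpoint INTERMEDIATE-CA
 enrollment terminal pem
 revocation-check none
 chain-validation continue ROOT-CA
exit
crypto pki authenticate INTERMEDIATE-CA
! <paste intermediate CA certificate PEM, then "quit">

! --- 3. Trustpoint for the gateway certificate, bound to the restored key pair
crypto pki trustpoint SSL-TP
 enrollment terminal pem
 revocation-check none
 rsakeypair SSLKEY
 chain-validation continue INTERMEDIATE-CA
exit
crypto pki authenticate SSL-TP
! <paste intermediate CA certificate PEM again, then "quit">
crypto pki import SSL-TP certificate
! <paste the gateway's own certificate PEM, then "quit">

! --- 4. Point the WebVPN gateway at the rebuilt trustpoint and bounce it
webvpn gateway SSL1
 ssl trustpoint SSL-TP
 no inservice
 inservice
exit
end

! --- 5. Confirm the chain is complete and the gateway certificate is usable
show crypto pki certificates verbose SSL-TP
show webvpn gateway SSL1
write memory
```

If step 0 shows that the key pair named by the trustpoint is gone and no exportable copy exists, step 1 cannot be performed; in that case a new key pair (crypto key generate rsa) and a new certificate request are needed, as the answer hints. After the rebuild, "show crypto pki certificates verbose" for the SSL trustpoint should list the CA, intermediate and router certificates with status Available; a trustpoint showing only a CA certificate is the sign that step 3 did not complete.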