Jay, I've been doing some testing with WebVPN and AnyConnect client and have had no problems with Vista honouring the certificate. I'm using a 7301 as the SSL/WebVPN Gateway running IOS 12.4(24)T1.
My config resembles your config somewhat. Below I've shown the relevant parts of my config.

crypto pki trustpoint TP-self-signed-74999113
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-74999113
 revocation-check none
 rsakeypair TP-self-signed-74999113
!
!
crypto pki certificate chain TP-self-signed-74999113
 certificate self-signed 01
!
webvpn gateway WEBVPN
 ip address A.B.C.D port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-74999113
 inservice
 !
webvpn install svc disk0:/webvpn/anyconnect-win-2.3.2016-k9.pkg sequence 1
 !
webvpn install svc disk0:/webvpn/anyconnect-macosx-powerpc-2.3.2016-k9.pkg sequence 2
 !
webvpn install svc disk0:/webvpn/anyconnect-macosx-i386-2.3.2016-k9.pkg sequence 3
 !
webvpn install svc disk0:/webvpn/anyconnect-linux-2.3.2016-k9.pkg sequence 4
 !
webvpn context TUNNEL
 title "Tunnel Mode"
 ssl authenticate verify all
 !
 !
 policy group TUNNEL-GROUP
   functions svc-enabled
   svc address-pool "TUNNEL-POOL"
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc homepage "http://192.168.2.2"
   svc rekey method new-tunnel
   svc split include 192.168.2.0 255.255.255.0
 vrf-name NSTEST
 default-group-policy TUNNEL-GROUP
 aaa authentication list NSTEST
 gateway WEBVPN domain tunnel
 inservice

I did have problems with the self-signed certificate at one time when I was unable to open the WebVPN portal because the certificate wasn't valid. This was showing up in the router logs with a line saying something along the lines of "key is inactive". To fix this, I re-generated the certificate by removing it from the webvpn gateway section with a "no ssl trustpoint TP-self-signed-74999113" and as I did that it automatically re-generated a new certificate. Been working ok since.

Cheers.

Andy
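An added example, not part of the original message or of Cisco's tooling: a small offline check that the references in a configuration like the one quoted above resolve, so a gateway left without a usable trustpoint after the removal step described in the message is caught before users hit certificate errors. The function names `sections` and `audit` are hypothetical, and the sample is constructed by trimming the quoted configuration.

```python
# Constructed sample, trimmed from the configuration quoted in the message.
SAMPLE = """\
crypto pki trustpoint TP-self-signed-74999113
 rsakeypair TP-self-signed-74999113
!
crypto pki certificate chain TP-self-signed-74999113
 certificate self-signed 01
!
webvpn gateway WEBVPN
 ssl trustpoint TP-self-signed-74999113
 inservice
!
webvpn context TUNNEL
 policy group TUNNEL-GROUP
 default-group-policy TUNNEL-GROUP
 gateway WEBVPN domain tunnel
"""

def sections(text):
    """Map each top-level config line to the list of its indented sub-lines."""
    out, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(text):
    """Return findings; an empty list means every reference resolves."""
    sec, findings = sections(text), []
    for head, body in sec.items():
        words = head.split()
        if words[:2] == ["webvpn", "gateway"]:
            tps = [l.split()[2] for l in body if l.startswith("ssl trustpoint ")]
            if not tps:
                findings.append(f"gateway {words[2]}: no ssl trustpoint")
            for tp in tps:
                if not any(l.startswith("rsakeypair ") for l in sec.get(f"crypto pki trustpoint {tp}", [])):
                    findings.append(f"trustpoint {tp}: missing or has no rsakeypair")
                if not any(l.startswith("certificate ") for l in sec.get(f"crypto pki certificate chain {tp}", [])):
                    findings.append(f"trustpoint {tp}: no certificate in chain")
        elif words[:2] == ["webvpn", "context"]:
            for l in body:
                if l.startswith("gateway ") and f"webvpn gateway {l.split()[1]}" not in sec:
                    findings.append(f"context {words[2]}: gateway {l.split()[1]} not defined")
                if l.startswith("default-group-policy ") and f"policy group {l.split()[1]}" not in body:
                    findings.append(f"context {words[2]}: policy group {l.split()[1]} not defined")
    return findings
```

Call `audit()` on the text of a saved running configuration; it only checks that names resolve within the file and says nothing about whether the certificate itself is still valid.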