If you change the outside address of the firewall, you need to update the Cisco AnyConnect profile to point to the new address. I have had issues and errors even when the VPN client is using a DNS entry pointing to the new IP address of the firewall’s outside interface. The easiest way to fix this is to update the AnyConnect profile. Then, the next time the client connects, they will get the new profile pushed down to their workstation.
If you are in ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profiles, highlight the client profile you have and click the “Edit” button.
From there go to the Server List:
Update the hostname to be the domain name and update the host address to be the new IP address and click OK. This will take you back to the Profile section, click OK again. Then you will be back to the overall Cisco AnyConnect Client Profile section; click Apply to apply to new profile.
Now when users connect in, they will not get an error message, and next time they will not have to keep manually adding in the domain or external IP address in the Cisco Anyconnect client.
Jason Howe, PEI
