09-12-2018 08:47 AM - edited 02-21-2020 08:14 AM
A CA cert seems to be tied to my SSL VPN configuration that when a user connects it checks for this cert on their machine, how can I remove this validation since we are moving to MFA with DUO, I have machines that do not have certs that fail because the ASA is looking for certs.
09-12-2018 09:35 AM
Check the Authentication method for your AnyConnect connection profile (known as tunnel-group in the cli configuration).
If you're using ASDM it's under Configuration > Remote Access VPN > AnyConnect Connection Profile > Edit.
A much less common possibility is a DAP check. See if there's a dap.xml file on the ASA. That would be under the Host Scan section of Secure Desktop Manager section of the Remote Access VPN configuration.
09-12-2018 10:24 AM
09-12-2018 06:14 PM
Yes, that will generally do it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide