ASA SSL VPN Anyconnect Cert Validation

Steven Williams
Level 4

A CA cert seems to be tied to my SSL VPN configuration, so that when a user connects it checks for this cert on their machine. How can I remove this validation, since we are moving to MFA with Duo? I have machines that do not have certs that fail because the ASA is looking for certs.

Marvin Rhoads
Hall of Fame

Check the Authentication method for your AnyConnect connection profile (known as tunnel-group in the CLI configuration).

If you're using ASDM it's under Configuration > Remote Access VPN > AnyConnect Connection Profile > Edit.

A much less common possibility is a DAP check. See if there's a dap.xml file on the ASA. That would be under the Host Scan section of the Secure Desktop Manager section of the Remote Access VPN configuration.

AAA Method is "AAA and Certificate", so can I just move that to AAA only and it will stop looking for a cert?

Yes, that will generally do it.
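
An added example, not part of the thread and not Cisco tooling: a small Python audit that reads a saved `show running-config` and reports which connection profiles (tunnel-groups) still require a client certificate, so the change can be checked before and after. The config sample and profile names are constructed, and it assumes a profile with no explicit `authentication` line under `webvpn-attributes` uses the ASA default of AAA only.

```python
import re

# Constructed sample of an ASA running-config; all names are made up.
SAMPLE_CONFIG = """\
tunnel-group EMPLOYEES type remote-access
tunnel-group EMPLOYEES general-attributes
 authentication-server-group DUO-RADIUS
tunnel-group EMPLOYEES webvpn-attributes
 authentication aaa certificate
 group-alias EMPLOYEES enable
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS webvpn-attributes
 group-alias CONTRACTORS enable
tunnel-group KIOSKS type remote-access
tunnel-group KIOSKS webvpn-attributes
 authentication certificate
"""

HEADER = re.compile(r"^tunnel-group (\S+) webvpn-attributes\s*$")
# Trailing space after the keyword keeps 'authentication-server-group' out.
AUTH = re.compile(r"^ authentication (.+?)\s*$")


def auth_methods(config):
    """Map each tunnel-group that has a webvpn-attributes block to its auth methods."""
    result = {}
    current = None
    for line in config.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            # Assumption: no explicit line means the default, AAA only.
            result[current] = {"aaa"}
            continue
        if not line.startswith(" "):
            current = None  # any other top-level line ends the block
            continue
        auth = AUTH.match(line)
        if current and auth:
            result[current] = set(auth.group(1).split())
    return result


def requires_client_cert(config):
    """Names of profiles where the ASA will ask the client for a certificate."""
    return sorted(n for n, m in auth_methods(config).items() if "certificate" in m)


if __name__ == "__main__":
    for name, methods in auth_methods(SAMPLE_CONFIG).items():
        note = "client cert required" if "certificate" in methods else "no cert check"
        print(f"{name}: {' + '.join(sorted(methods))} ({note})")
```

Profiles that have no `webvpn-attributes` block at all are not listed by this sketch.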
