09-12-2018 08:47 AM - edited 02-21-2020 08:14 AM
A CA cert seems to be tied to my SSL VPN configuration that when a user connects it checks for this cert on their machine, how can I remove this validation since we are moving to MFA with DUO, I have machines that do not have certs that fail because the ASA is looking for certs.
09-12-2018 09:35 AM
Check the Authentication method for your AnyConnect connection profile (known as tunnel-group in the cli configuration).
If you're using ASDM it's under Configuration > Remote Access VPN > AnyConnect Connection Profile > Edit.
A much less common possibility is a DAP check. See if there's a dap.xml file on the ASA. That would be under the Host Scan section of Secure Desktop Manager section of the Remote Access VPN configuration.
09-12-2018 10:24 AM
09-12-2018 06:14 PM
Yes, that will generally do it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: