I have a SSL Client VPN configuration setup using both AAA and cert for authentication. I am using internal MS PKI for my cert deployment. My question is what if I also want to do clientless connections to this same ASA. I have my ASA's identity cert trustpoint on the outside interface but it is only signed by my internal CA, not a public CA. So if anyone outside my company attempts to connect, the would see a certificate warning page correct?