Hello everybody,
our customer has a branch ASA5516 (OS: 9.16(3)19) and when he tries to access the ASA
using AnyConnect (4.10) he gets the error message window:
"Certificate Validation Error"
The following appears in the logging (complete logging attached):
...
No certificates received during the handshake with client outside:<client_IP>/21394 to <ASA_IP>/443 for TLSv1.2 session
...
He gets no window to enter username & password.
On the main site ASA he can login with certificates without issues.
There are no expired certificates on the branch ASA5516 and
NTP seems to be ok:
Result of the command: "show ntp status"
Clock is synchronized, stratum 2, reference is 192.53.103.108
nominal freq is 99.9984 Hz, actual freq is 99.9376 Hz, precision is 2**6
reference time is e79dccdb.fbd38de7 (10:41:31.983 UTC Mon Feb 20 2023)
clock offset is -0.9559 msec, root delay is 69.02 msec
root dispersion is 16.72 msec, peer dispersion is 15.75 msec
It looks like the certificates were not used for AnyConnect in his case.
I see another user is logged in through the same AnyConnect connection profile
to the branch ASA.
Attached you will find the current configuration.
What is the best troubleshooting procedure here?
Thanks a lot for every hint!
Bye
R.