cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Who Me Too'd this topic

ASA 9.4(1) + aaa certificate

Roman Samoylov
Level 1
Level 1

I have 2 ASA devices with nearly same VPN config (ASA 5512-X 9.1(4) and ASA 5510 8.4(4)1). To connect user should have certificate installed and a membership in AD group. Certificate defines tunnel-group, after that AD request authorizes his rights to connect Anyconnect.

Recently we got another device, ASA 5506-X 9.4(1). Config was transferred there, but Anyconnect connection fails - "Certificate validation failure", client thinks that there is no correct certificate. To check if it's right I exported cert from ASA and installed it, but there is still "certificate validation failure". I have no idea what OS improvement makes my VPN that lazy. It works fine if I swap "authentication aaa certificate" to "authentication aaa" (sure, it doesnt check cert). Can anyone help me?

Partial config is attached.

Who Me Too'd this topic