About powelca

powelca · 04-18-2020

We're in the process of laying the groundwork for using AAA+Cert auth for VPN connectivity but we've hit a bit of a SNAFU. In the AnyConnect config on the ASA we've specified Certificate Store Override and Automatic Certificate Selection in preparati...

powelca · 02-26-2025

One note that I would add for anyone looking to utilize this solution with TrustSec, it does not appear that you're required to send the Generation ID as a part of the attribute-value-pair (based on my limited testing). This is the number that occurs...

powelca · 09-12-2024

This post is nearly 7 years old but I'm in the same scenario, is it still the case that there's no mechanism to do conditional authorizations based on which posture check failed?

powelca · 10-10-2022

Shouldn't the "Eduroam_User_Local" authorization condition still require @<your_domain.edu>? Without it, you're allowing your local users to authenticate without a realm. That works great for those that remain local, but it would break the ability to...

powelca · 07-31-2020

In case anyone stumbles upon this in the future, this bug is marked as fixed in AnyConnect 4.9.00086. In my testing I have not been able to reproduce the issue. :)

powelca · 05-28-2020

We were provided with a hotfixed version of AnyConnect that seems to resolve the issue but since we've already worked around the problem we opted to wait for the next GA release. Rumor has it this will be sometime in June.

Member Since	‎03-12-2020 04:19 PM
Date Last Visited	‎07-15-2025 02:26 AM
Posts	7
Total Helpful Votes Received	5

User Statistics

User Activity

ASA VPN HTTP 401 When automatic certificate selection is enabled

Re: ISE ODBC Integration with MySQL Database

Re: Posturing policies help required

Re: Configuring eduroam on Cisco Identity Services Engine (ISE) 2.1

Re: ASA VPN HTTP 401 When automatic certificate selection is enabled

Re: ASA VPN HTTP 401 When automatic certificate selection is enabled