cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

273
Views
0
Helpful
0
Replies
Highlighted
Beginner

Certificate to Tunnel-Group Mapping using the OU Field

Hello,

I have got a problem mapping a certificate to a tunnel-group, using the default "tunnel-group-map enable ou" command.

I have several tunnel-groups and certificates that work just fine which have a DN of CN="user";"OU="Department";dc="company".

The certificate that won't work, has several OU-Fields --> DN --> CN="user";OU="Clients";OU="abc";OU="xyz";dc="company", and I want to map on the OU="Clients, so I named my tunnel-group Clients.

The problem is see in ASA Logs is, that it tries to find a tunnel-group mapping for the OU="xyz" and not for the OU="Clients".

Is the ASA capable to handle certificates with more than one OU-Field? How could I get this to work or is there a missconfiguration in the certificate template?

Thanks for any advice.

Best regards,

Thomas

Everyone's tags (4)