Anyconnect 4.9x Auto Certificate selection does NOT work !?
I recently installed Anyconnect client V4.9 on my Win10 laptop to connect to an ASA running 126.96.36.199 .
For perspective, this is a preparation job, so the ASA external Cert is valid, but does NOT currently match its IP/FQDN due to that being used on another gateway we are replacing.
If I configure 2FA, everything works as expected. But when I try 3FA using a client side certificate it will only work if I select cert store override in the profile & set cert selection to user control. If I try to use automatic selection, it comes back with Certificate Validation Failure.
The ASA has the correct CA & Intermediate Certs. It works fine if I manually select the Cert from the popup that appears as part of connection/login. So I know the correct cert is installed & matching CA certs on the ASA. But I can't seem to get auto cert selection working.
Auto cert selection works fine to another set of FTD's we have & that client profile has a <CertificateMatch> property in the .xml profile. Adding similar to the not working profile, breaks manual cert selection to the ASA.
I've done some searching on here, but most threads are donkeys years old.
This month, we're excited to bring awareness to a newly formed partnership between Cisco Secure and IBM.
Securing today's dynamic enterprise applications is critical. With hybrid and multi-cloud adoption, traditional network-based security ran into limita...
Listen: https://smarturl.it/CCRS8E42Follow us: twitter.com/CiscoChampion
APIClarity is an open source, cloud-native visibility tool for APIs. It utilizes a Service Mesh framework to capture and analyze API traffic and identify potential risks.
Hello everyone, A new video in the Cisco Secure Terraform Series has just been published. If you are interested in Infrastructure as Code, and Terraform, you don't want to miss out on this amazing series with Jason "Canadian Bacon" Maynard! Newe...
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...