
AnyConnect : Certificate Matching issue + Message customization doesn't work

Franck A.
Level 1

Hi,

This is the first time I have posted something here, as I am usually able to find solutions by browsing this forum; not this time, unfortunately.
I have a double problem; both are related to AnyConnect.

First problem: Certificate Matching customization doesn't apply.

What is currently working: importing an Identity certificate into the ASA certificates bank and applying certificate authentication along with AD + Token tunnel-group configuration.
So if the user (linked to the tunnel group on which this config is applied) has the same certificate on his computer, it works. (And if he doesn't, it doesn't work, so this part works fine.)

 

What currently doesn't work or doesn't apply:

I need to explicitly match a specific certificate, and not randomly one of the Identity certificates available on the ASA.
For this purpose, I've created an "AnyConnect Client Profile".
On the Certificate Matching settings page:

[Screenshot: 2021-06-04_17h31_53.png]


My tests:

If I try to connect with my computer having:
- CertA and CertB: It works.
- CertA only: It works... but it shouldn't.
- CertB only: Obviously it works, but probably not thanks to the customization.

So it works in every case, even in the one where it mustn't.

What am I missing?
To be honest, I am a bit lost about how to configure this.


Second problem: AnyConnect customization/localization doesn't apply as well.

I need to customize some error messages shown when a user is trying to connect via AnyConnect.
I've created, from the ASA template provided, a new Localization entry.
For example, I need to customize the error message "Certificate Validation Failure" that happens when the user doesn't have the certificate on his computer.

So for this, I've edited this part of the file:
(...)
#. Doc: Message originated from the ASA. This error indicates an authentication failure. The secure gateway has
#. declined to accept the certificate provided by the client because it could
#. not be validated. Please verify that the correct certificate is available in
#. the certificate store.
#: ed69b4901d42ed64e576d6b0d257aa32
msgid "Certificate Validation Failure"
msgstr "MY NEW MESSAGE"
(...)

 

Then... what do I have to do to apply these customizations?
Because it doesn't seem to apply automatically.

Many thanks in advance for your help, and don't hesitate to ask me if you need any clarification.

Regards
Franck

1 Reply

Franck A.
Level 1

Hi,

Sorry to bump the topic up; does anybody have a clue about where I should have a look?

Thanks a lot in advance, and again, if some parts are unclear, please let me know!

Have a nice day!