cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1157
Views
0
Helpful
3
Replies

Anyconnect Client authentication method

Bel Marsad
Level 1
Level 1

Hi dear,

I have issue to do work my anyconnect client with local machine certificate:

Here how I configured my ASA5520 version 8.2(2) with ASDM 6.2.5 and anyconnect 2.5:

I choose a name for my web link “my.company.com” for this name I bought a SSL Certificate from VeriSign, and installed it to ASA and enabled to our WAN interface.

All our company laptop have a machine certificate delivered by our own CA that is windows.

I configured the anyconnect profile xml file under “Preferences” to match Certificate Store=machine, and also checked out the Certificate Store Override option, under “Certificate Match” tab – Distinguished Name I added (CN and DC) that match our CA and CN.

On the profile tunnel I choice authentication method=Certificate

When connecting to https:// my.company.com I see that the SSL certificate is a valid one from VeriSign, but when I choice the profile tunnel, it told me “Certificate Validation Failure”

Could someone help me, I think I did right understand something..

Thanks

3 Replies 3

Jason Gervia
Cisco Employee
Cisco Employee

Hello,

Is your Local CAs certificate installed as a CA cert on the ASA?  Without that, the ASA won't be able to validate the certificate that you are presenting to it from your local machine.

--Jason

Thanks for your answer, but I dont really understant your question, our company

CA is a windows based and all laptop on our company domain have a certificate from this CA.

I installed a SSL certificate from VeriSigne to our ASA WAN interface in order to have https for the link that all our client with them laptop connect by web browser to get anyconnect client.

Thanks

Is there someone that can give me an answer?

Thanks