02-06-2012 06:45 AM - edited 02-21-2020 05:51 PM
Hello,
I want to deploy AnyConnect SSL VPN client with an ASA appliance, using certificate authentication only.
In order to be able to request a certificate via SCEP on the AnyConnect client, I have to download an AnyConnect XML profile from the ASA. But this can be done only if the AnyConnect client is authenticated on the ASA?! Is it a chicken-and-egg question?
I have read all the documentation regarding this subject on Cisco.com but I haven't found any answer. Does anybody have a suggestion about this? I must have missed something, for sure.
Thanks in advance.
Vincent
P.S.: We could imagine manually deploying the AnyConnect XML profile on the Windows machine, but what about other OSes like iPhone/iPad, where we have no access to the system files?
02-10-2012 01:11 AM
Hi,
Any suggestions about this deployment question?
Any remarks or comments are welcome.
Vincent
03-23-2012 09:06 AM
FYI
I've finally managed to deploy certificates on the AnyConnect client (Win/Mac OS X, iPhone/iPad) by using a PKCS#12 file.
03-23-2012 09:15 AM
How did you accomplish this? I am trying to do the same thing with an ASA and Microsoft CA server.
Thanks
03-23-2012 09:43 AM
Hi Paul,
I generated a PKCS#12 file that encloses the client certificate + the associated private key + the CA cert chain.
I deployed it on the client host machine by just sending it by e-mail / USB key / web pushing.
Depending on your client OS version, the client certificate should be present in the "login" store of the keychain repository on a Mac OS X client and in the "personal" store of the certificate repository on a Windows client.
And that's it.
Vincent
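The bundle described in the post above (client certificate + private key + CA chain in one PKCS#12 file), as an added example that is not part of the original thread. It assumes the OpenSSL command-line tool and a throwaway demo CA rather than the ASA or a Microsoft CA; every subject, file name and passphrase is constructed.

```shell
#!/bin/sh
# Added example: throwaway CA + client cert, bundled as PKCS#12 and inspected.
# All subjects, file names and the passphrase are constructed for the demo.
set -eu
umask 077   # private keys and the .p12 are created owner-readable only

make_demo_pki() {   # $1 = working directory
  # Throwaway CA, standing in for the CA that issues the VPN client certs
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo VPN CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Client key pair and signing request
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
  # Issue the client certificate, restricted to TLS client authentication
  printf 'extendedKeyUsage=clientAuth\n' > "$1/ext.cnf"
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/client.crt" 2>/dev/null
}

make_p12() {        # $1 = working directory, $2 = export passphrase
  # The passphrase encrypts the private key inside the bundle while in transit
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
    -certfile "$1/ca.crt" -name "demo-user" \
    -passout "pass:$2" -out "$1/client.p12"
}

count_certs() {     # $1 = .p12 file, $2 = passphrase; prints number of certs
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

has_key() {         # succeeds only if the passphrase opens a private key
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

# Demo run: build the bundle, then confirm what a client would import
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
make_p12 "$demo_dir" 'Constructed-Demo-Pass-1'
echo "certificates in bundle: $(count_certs "$demo_dir/client.p12" 'Constructed-Demo-Pass-1')"
has_key "$demo_dir/client.p12" 'Constructed-Demo-Pass-1' && echo "private key present"
rm -rf "$demo_dir"
```

The passphrase is passed on the command line only to keep the demo self-contained; `-passout file:` or `env:` keeps it out of the process list.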