I was able to deploy iPad AnyConnect clients using certificate authentication from the local CA on an ASA5510, but I need to implement the failover function on the ASA, which precludes me from enabling the local CA. I'm trying to use certificates from a Windows CA Server, and I need some help. I loaded the CA's cert on the ASA (through ASDM, under Configuration / Remote Access VPN / Certificate Management / CA Certificates), then I created a user certificate for myself on the server (going to http://servername/certsrv/). If I load that cert on the iPad through the iPhone Configuration Utility (by importing it first to my Windows PC certificate store), it shows as an available cert on the AnyConnect client, but when I try to connect, I get "This connection requires a client certificate, but no matching certificate is configured. Please modify the connection, choose a valid certificate, and try again." When I look at the certificate on the iPad, it shows as being issued by the iPhone Configuration Utility CA instead of the CA from the server that issued it. Has anybody been able to make this work?

Thanks!