Guys,
I have a query about the setup for this. I have been following this procedure below. My ASA is on version 8.2(5) and the AnyConnect is version 3. The CA I am using is Windows Server 2008. I have been testing with a Sub CA.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b25dc1.shtml
I can open AnyConnect and get prompted by the firewall to select the profile to use. I select the certenroll profile and log in with AD credentials but keep getting authentication failed and nothing happens. The authentication on the profile is set to local but I'm not sure what this authenticates to or if the AnyConnect profile relays this to the CA server.
I have seen some videos which show more settings on the ASDM for SCEP proxy settings. The method I am using is tunneling queries from the endpoint to the CA server. I am wondering if my version of AnyConnect/firewall supports this and would I be best upgrading to version 9 of ASA and using SCEP proxy instead of the tunnelling method?
Also, just as a check on the CA side of things: does the CA need to be running NDES to support requests sent from the firewall?