ASA 9.4(1) + aaa certificate

Roman Samoylov
Level 1

I have 2 ASA devices with nearly the same VPN config (ASA 5512-X 9.1(4) and ASA 5510 8.4(4)1). To connect, a user should have a certificate installed and a membership in an AD group. The certificate defines the tunnel-group; after that, an AD request authorizes his rights to connect with AnyConnect.

Recently we got another device, ASA 5506-X 9.4(1). The config was transferred there, but the AnyConnect connection fails - "Certificate validation failure", the client thinks that there is no correct certificate. To check if it's right, I exported the cert from the ASA and installed it, but there is still "certificate validation failure". I have no idea what OS improvement makes my VPN that lazy. It works fine if I swap "authentication aaa certificate" to "authentication aaa" (sure, it doesn't check the cert). Can anyone help me?

Partial config is attached.

1 Reply

Roman Samoylov
Level 1

Upgraded to 9.5(1). No changes.