
ASA SSL VPN cluster at different geographic location

ddakshina
Level 1

We have ASA SSL VPN configured at different locations and want them to be accessed over a DNS name. DNS round robin is configured for two ASAs, but when we connect AnyConnect over the DNS name it fails, whereas I am able to connect with the physical IP address. The ASA has a self-signed certificate on it, so do I require a third-party certificate for connecting over the DNS name?


Below is the message we get when connecting AnyConnect Client over DNS Name.

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connection again"

2 Replies

Jennifer Halim
Cisco Employee

Do both self-signed certificates on the ASA have the Common Name (CN) configured as the DNS name that you use to connect with?

I am assuming that your DNS name does resolve to an IP address?

Hi,

I defined an identity certificate on both ASA VPN firewalls with the same CN name and assigned it to the outside interface. I tried connecting; it fails with the message "A certifcate problem has encountered. A VPN connection will not be established."

I checked the netstat output on the system and it shows me multiple connection requests to both ASAs.