
CA not authenticating users from SSL VPN

newtwork1
Level 1

I built four ASAs with 10 SSL VPN users, and all but one have the same problem. I'm required to have AAA and user CA authentication. After I did crypto ca server user-db allow all-unenrolled, I downloaded the user certs and tested a few to ensure I could authenticate with AAA and user certs. I was successful.

After a week or so I was going to test the whole path that VPN users will use. I was then unable to authenticate with the certificates; AnyConnect said certificate validation failed.

The syslog errors I get are 71009 and 717027. I checked the CA and it is enabled, the dates on the certificates are still good, the time on the ASA is correct, and I have no cert revocations.

I am able to authenticate to the VPN when only using AAA.

After ensuring I could still authenticate, I created a test01 cert on one of the ASAs and installed it on my machine. I was then able to authenticate using AAA and user certs.

Any thoughts on why the user certs aren't working and how to fix it?

This is a LOCAL-CA-SERVER

Newt

2 Replies

newtwork1
Level 1

Any thoughts???

I realized the reason this was happening was that I had multiple user certificates (for different VPNs) in the personal folder, and either the computer or the ASA wasn't sure which one to pick.