
CA not authenticating users from SSL VPN

newtwork1
Level 1

I built four ASAs with 10 SSL VPN users, and all but one have the same problem. I'm required to have aaa and user CA authentication. After I did crypto ca server user-db allow all-unenrolled, I downloaded the user certs and tested a few to ensure I could authenticate with aaa and user certs. I was successful.

After a week or so I was going to test the whole path that VPN users will use. I was then unable to authenticate with the certificates; AnyConnect said certificate validation failed.

The syslog errors I get are 71009 and 717027. I checked the CA and it is enabled, the dates on the certificates are still good, the time on the ASA is correct, and I have no cert revocations.

I am able to authenticate to the VPN when only using aaa.

After ensuring I could still authenticate, I created a test01 cert on one of the ASAs and installed it on my machine. I was then able to authenticate using aaa and user certs.

Any thoughts on why the user certs aren't working and how to fix it?

This is a LOCAL-CA-SERVER

Newt

2 Replies

newtwork1
Level 1

Any thoughts???

I realized the reason this was happening was that I had multiple user certificates (for different VPNs) in the personal folder, and either the computer or the ASA wasn't sure which one to pick.
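
Added example, not part of the original thread: a PowerShell check for the condition described in the last reply, listing every certificate in the current user's Personal store that could be offered for client authentication. It assumes a Windows client and that the "personal folder" is the Cert:\CurrentUser\My store; the function name Test-ClientAuthCandidate is hypothetical.

```powershell
# Added example. Assumes a Windows client; run as the user who starts the VPN client.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Extended Key Usage: TLS client authentication

# Hypothetical helper: $true if the certificate could be presented as a client certificate.
function Test-ClientAuthCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $now = Get-Date
    # A certificate without its private key cannot be used to authenticate.
    if (-not $Cert.HasPrivateKey) { return $false }
    # Skip certificates outside their validity window.
    if ($Cert.NotBefore -gt $now -or $Cert.NotAfter -lt $now) { return $false }

    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # No EKU extension means the certificate is not restricted to a purpose.
    if (-not $eku) { return $true }

    $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    return ($oids -contains $ClientAuthOid)
}

# Collect every usable client certificate in the user's Personal store.
$candidates = @(Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { Test-ClientAuthCandidate -Cert $_ })

# Show the issuer of each one so it can be compared with the CA
# that the VPN headend is expected to trust.
$candidates |
    Sort-Object Issuer, NotAfter |
    Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

if ($candidates.Count -gt 1) {
    Write-Warning ("{0} certificates in CurrentUser\My are usable for client authentication; " +
        "the client may present one issued by a different CA than the one the VPN expects." -f
        $candidates.Count)
    # Count candidates per issuer to see which CAs are involved.
    $candidates | Group-Object Issuer | Select-Object Count, Name | Format-Table -AutoSize
}
elseif ($candidates.Count -eq 0) {
    Write-Warning 'No usable client-authentication certificate found in CurrentUser\My.'
}
```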
