Cisco VPN Client Certificate Importing as RA/Intermediate Certificate
Wondering if anyone has come across this issue before. We have had to move an MS CA (Enterprise Root, Windows Server 2008) to a different server, but have kept the same root certificate and CA name.
We have a Cisco Easy VPN terminating on an ASA 5510 using client certificates and LDAP credentials to authenticate users. All users with existing, valid certificates work fine, and can access the VPN.
However, when we generate a new client certificate, the Cisco Easy VPN Client imports its the "RA" store rather than the "Cisco" store, which means I cannot use it for the VPN. Furthermore, if I put the certificate inside of the Personal store on my user account, it shows up in the Cisco client but does not pass authentication and fails.
On the other hand, the CA certificate is imported into the client without any hassles.
I am convinced that this is to do with the Microsoft CA and the way that it is issuing certificates - Has anyone seen this before, and if so, what did you do to resolve it? Has anyone created their own MS certificate templates for Ciscos VPN Client, or does the certificate have to meet a certain criteria before it gets imported into the correct store - ie. how does the VPN client know which store to put it in?
As of June 2020, the Cisco ISE pxGrid App for QRadar Ver 1.1.0 is officially Validated and released by IBM, available for download from IBM XFE. Access the link to download app here.
The Cisco ISE pxGrid App V1.1 supports Cisco Identity Se...
i have an ip that is part of our internal network, i configured route map on the core to redirect the traffic to the firewall for further inspection.i checked the firewall logs i can see the traffic is redirect to the firewall successfully. i could ping o...
Hi, 1)May I know wht it means when context visibility Status showing 'disconnected" and '(blank)'?Difference between 'disconnected" and '(blank)'. Since both devices also not connected.I found tht these devices are no longer connected to the swi...
Hi ,I would like to configure multiple public ip (same subnet) on outside interface of ASA.I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN ,1 for DMZ server and all ip want to a...
Hi all, Is it a way to retrieve the IPS policies from our IPS Appliance or censor? I have tried to look for a way but I am not able to do so. May I knwo any way can retrieve the policies from the Appliance either from the Appliance itself o...