Force client cert only for anyconnect and not for ssl-clientless?
I need to configure different authentication for anyconnect clients and clients logging in using the ssl portal in the browser.
I want both AAA and certificate for anyconnect but i want ONLY aaa for the ssl portal (clientless)
I tried using two tunnel groups with different authentication settings but i need the same alias available for both clientless and anyconnect and when i tried that it said i cant have two with the same alias.
Force client cert only for anyconnect and not for ssl-clientless
Did you ever get an answer to this question?
It seems you should be able to set up a two different client profiles. Under Authentication, ssl-client would would specify "Both" and the sslclientless would specify AAA. You would likely have to duplicate much of the other work but the requirement would be satisfied.
Hello! I run 220.127.116.11.When I click download updates in ASDM I get:Download updates failed: Peer certificate cannot be authenticated with known CA certificates I have 3 identical devices and all of them have the same problem.. How can I fix ...
You would like to use the ASA Firewall Umbrella Connector to enforce DNS policy with Umbrella. However you would also like to exclude certain IP addresses or subnets from using this policy. I recently had the need to do this, had a bit of tro...
Hi Everyonem Just wondering if anyone knows why I am getting an error that says "Cryptographic algorithms required by the secure gateway do not match those supported by AnyConnect. Please contact your network administrator.". See attached...
The Cisco 2020 CISO Benchmark Report provides valuable takeaways and data on the most pressing topics: the impact of vendor consolidation, cybersecurity fatigue, outsourcing, top causes of downtime, the most impactful threats, and more. The repo...
Hi, Has anyone run into the "Channel down" issue when updating the identity certificate on the Stealthwatch SMCv and SFCv. I'm doing a POC for a client and every time I go an update the identity cert the SMC says "it could save the configuration" and...