cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
76
Views
0
Helpful
0
Replies
Highlighted
Beginner

Multiple Anyconnect Connection profiles with individual identity certificates

We currently have a number of ASA Anyconnect VPN gateways in our organisation. Users have the ability to select one of the regional client profiles to connect remotely. However we are thinking of deploying load balancing with the Microsoft Azure.

The brief is that on each ASA we should maintain the current connection and client profile and add the connection and client profile for the load balancer. This is with a view to giving  the user the ability to select a profile via the anyconnect client. 

  • Authentication - 2 factor - AAA + Cert
  • Normal Profile - remote.abc.com
  • Load balance - remote.LB.abc.com
  • Each profile has an identity cert which is assigned to a trustpoint. 

 

Problem: 

Only one trustpoint can be assigned to the Outside interface of the firewall so only one profile can be operational with the certificate authentication. How do we work around this if we want to have 2 independent connection profiles each with their own identity certs on the ASA?  We have already tired using a cert with a Subject Alternate Name (SAN) but I could not import it onto the ASA.