Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
0
Replies

Multiple Anyconnect Connection profiles with individual identity certificates

dasgill
Level 1
Level 1

‎04-03-2020 03:41 AM - edited ‎04-03-2020 03:56 AM

We currently have a number of ASA Anyconnect VPN gateways in our organisation. Users have the ability to select one of the regional client profiles to connect remotely. However we are thinking of deploying load balancing with the Microsoft Azure.

The brief is that on each ASA we should maintain the current connection and client profile and add the connection and client profile for the load balancer. This is with a view to giving  the user the ability to select a profile via the anyconnect client. 

  • Authentication - 2 factor - AAA + Cert
  • Normal Profile - remote.abc.com
  • Load balance - remote.LB.abc.com
  • Each profile has an identity cert which is assigned to a trustpoint. 

 

Problem: 

Only one trustpoint can be assigned to the Outside interface of the firewall so only one profile can be operational with the certificate authentication. How do we work around this if we want to have 2 independent connection profiles each with their own identity certs on the ASA?  We have already tired using a cert with a Subject Alternate Name (SAN) but I could not import it onto the ASA. 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents