SSL Trustpoint not authenticated

Cisco Freak
Level 4

Hi All,

I was checking the configuration of SSL in an ASA and I found that trustpoint is not authenticated. However, when I access the ASA using https, I get the correct SSL certificate assigned to this point. 

VPN# sh crypto ca trustpoints

Trustpoint SSL:
Not authenticated.


Trustpoint ASDM_Launcher_Access_TrustPoint_0:
Configured for self-signed certificate generation.

Can you please tell me why this shows as not authenticated? I imported the SSL certificate to this ASA from another ASA.

CF

7 Replies

Aditya Ganjoo
Cisco Employee

Hi,

Could you share the output of show run all ssl?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

VPN# sh run all ssl
ssl server-version tlsv1
ssl client-version tlsv1
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1.1 medium
ssl cipher tlsv1.2 medium
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl dh-group group2
ssl ecdh-group group19
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 outside
ssl trust-point SSL inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside vpnlb-ip
ssl certificate-authentication fca-timeout 2
VPN#

Hi,

I do not see the SSL trustpoint enabled on the outside interface.

It has been enabled on the inside interface.

From where do you access the VPN?

Regards,

Aditya

Please rate helpful posts and mark correct answers.
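An added check, not from this thread or from Cisco, that correlates the two outputs quoted above: it parses the trustpoint status lines of show crypto ca trustpoints and the ssl trust-point lines of show run all ssl, then reports every interface binding whose trustpoint the ASA reports as not authenticated (or not defined at all). The sample input is constructed from the output posted in this thread.

```python
import re

# Constructed sample input, copied from the two outputs quoted in this thread.
TRUSTPOINT_OUTPUT = """\
Trustpoint SSL:
Not authenticated.

Trustpoint ASDM_Launcher_Access_TrustPoint_0:
Configured for self-signed certificate generation.
"""

SSL_OUTPUT = """\
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 outside
ssl trust-point SSL inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside vpnlb-ip
"""

def parse_trustpoints(text):
    """Map trustpoint name -> first status line of 'show crypto ca trustpoints'."""
    status, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Trustpoint (\S+):", line)
        if m:
            current = m.group(1)
            status[current] = ""
        elif current and line.strip() and not status[current]:
            status[current] = line.strip().rstrip(".")
    return status

def parse_ssl_bindings(text):
    """Map (interface, binding kind) -> trustpoint from 'ssl trust-point' lines."""
    bindings = {}
    for line in text.splitlines():
        m = re.match(r"ssl trust-point (\S+) (\S+)(?: (vpnlb-ip))?$", line.strip())
        if m:
            tp, iface, extra = m.groups()
            bindings[(iface, extra or "interface")] = tp
    return bindings

def audit(trustpoint_text, ssl_text):
    """List (interface, kind, trustpoint, status) for bindings that need attention."""
    status = parse_trustpoints(trustpoint_text)
    findings = []
    for (iface, kind), tp in parse_ssl_bindings(ssl_text).items():
        st = status.get(tp, "trustpoint not defined")
        if st in ("Not authenticated", "trustpoint not defined"):
            findings.append((iface, kind, tp, st))
    return findings
```

On the thread's outputs, audit() reports only the inside interface, which is bound to trustpoint SSL; the outside interface and the vpnlb-ip binding use the self-signed ASDM trustpoint and are not listed.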

Oh sorry. This is an ASA which has not yet been pushed to production. I was accessing it from the internal LAN. :)

I have an SSL trustpoint mapped to inside interface and it gives the correct SSL cert too.

But that SSL trustpoint is shown as 'not authenticated'. That's what my confusion is.

CF

Hi -

The "SSL" TP is probably missing both the root chain and the private key.

"show run crypto ca trustpoint" will likely reflect this.

PSC

I don't think so, because I can see the certificate chain and a valid certificate when I access the ASA from inside.

Hi CF -

Can't tell if you don't post the requested output.

PSC