We recently purchased a certificate for our ASA to use on the outside interface, when connecting in order to get AnyConnect installed or simply use webvpn. I added it as an identity cert and the CA cert as well, and then made it the default cert for the outside interface. This all worked just fine.
Now, we want to use cert-based authentication for our AnyConnect (along with RADIUS, which is already working). We have an internal Microsoft cert server that we would like to use for this purpose. Question is... how can we use the public purchased cert on the outside interface for webvpn and AnyConnect installation and at the same time use the "internal" cert for authentication of the VPN client? Is it even possible?
I've already created an internal cert and installed it on the ASA along with the CA cert of our internal server. We are running version 8.2(2).
I hope someone with a little more knowledge about this than me can assist.
Thanks in advance,
Debugging for failed attempt please, however you normally try to do this.
Can you try with and without ssl certificate-auth ... ?