Anyconnect VPN

Unanswered Question
Oct 14th, 2010
User Badges:

I have

enabled cisco anyconnect vpn on an ASA series firewall and when I select local AAA

authentication I can connect my Anyconnect client.

But, when I select certificate based authentication, I'm not able to connect the Anyconnect VPN client to the firewall and an eeror message "certificate validation failure" is displayed. I think I may not have configured the ASA or my browser correctly. Can anybody help me and tell me the correct procedure for certificate based authentication without having to give a username and password?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rudresh V Wed, 10/20/2010 - 22:51
User Badges:
  • Cisco Employee,

Hi Sachitha,

I guess you would have implemented this feature already by now, but here are the details:

1. As a first thing we need to install certificate on the ASA (self-signed or third party) Here is the link providing all the details for this:

2. Next we need to configure the Anyconnect to use these certificates, here is the conifg for this via ASDM:

3. Then we need to apply a certificate on the Client machines, one identity certificate and then the certificate Chain (root and intermediate certificates). We need to make sure the ASA certificate and the identity cerificate is signed by a CA in the certificate chain installed on both ASA and the client.

If you are facing issues even after this, let me know.

Hope this helps,


Rudresh V


This Discussion