Anyconnect VPN

sachithak
Level 1

I have enabled Cisco AnyConnect VPN on an ASA series firewall, and when I select local AAA authentication I can connect my AnyConnect client.

But, when I select certificate-based authentication, I'm not able to connect the AnyConnect VPN client to the firewall and an error message "certificate validation failure" is displayed. I think I may not have configured the ASA or my browser correctly. Can anybody help me and tell me the correct procedure for certificate-based authentication without having to give a username and password?

Thanks

1 Reply

Rudresh Veerappaji
Cisco Employee

Hi Sachitha,

I guess you would have implemented this feature already by now, but here are the details:

1. As a first thing we need to install a certificate on the ASA (self-signed or third party). Here is the link providing all the details for this:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/cert_cfg.html#wp1042284

2. Next we need to configure the AnyConnect to use these certificates; here is the config for this via ASDM:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect20/administrative/guide/admin5.html#wp1010958

3. Then we need to apply a certificate on the client machines: one identity certificate and then the certificate chain (root and intermediate certificates). We need to make sure the ASA certificate and the identity certificate are signed by a CA in the certificate chain installed on both the ASA and the client.

If you are facing issues even after this, let me know.

Hope this helps,

Cheers,

Rudresh V