Seems to be that, or also you are not installed the CA in the ACS
| ________ Server Certificate
Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.
You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorties, If it is a multi-tiered CA you can add each certificate in the chain here.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...