On the certificate, you need to check what the "Issued to" field says, and when you connect via AnyConnect, you need to use the same name as what the certificate says.
So if the certificate's "Issued to" says "vpn.domain.com", for example, then when you connect via AnyConnect you also need to use "vpn.domain.com" instead of the IP address. If you connect via IP address then it doesn't match the certificate's "Issued to", or vice versa.
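The name-matching rule described in the reply above, as an added example that is not part of the original post and is not AnyConnect's own code. It assumes the certificate's names are given as a list of `('DNS'|'IP', value)` pairs; the sample certificate and the address 203.0.113.10 are constructed.

```python
import ipaddress

def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive DNS name match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and must not span a bare TLD ("*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def name_matches(target, cert_names):
    """target: the name typed into the VPN client.
    cert_names: list of ('DNS'|'IP', value) taken from the certificate."""
    if _is_ip(target):
        # An IP target only matches an IP entry, never a DNS name.
        want = ipaddress.ip_address(target)
        return any(kind == "IP" and _is_ip(v) and ipaddress.ip_address(v) == want
                   for kind, v in cert_names)
    return any(kind == "DNS" and _dns_match(v, target) for kind, v in cert_names)

# Constructed sample: a certificate issued to vpn.domain.com only.
CERT = [("DNS", "vpn.domain.com")]

if __name__ == "__main__":
    for t in ("vpn.domain.com", "VPN.domain.com.", "203.0.113.10", "vpn2.domain.com"):
        print(t, "->", "match" if name_matches(t, CERT) else "MISMATCH")
```
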
I think you are using a private certificate issued by your own CA and you are not able to reach the CRL list from the ASA to check if the client cert is valid.
In ASDM go to Configuration, Certificate Management, CA Certificates and make sure you have your CA cert installed there. To verify if it is a problem getting the CRL list, click the CA cert and Request CRL; nothing will happen if it can't reach it.
Click on Edit and tick Do not check certificates for revocation and you should now not get the certificate validation error message anymore from your client machine. You also won't be able to expire any certs if you leave Do not check ticked, so to fix it:
1) Check that the protocol you use to retrieve the CRL is allowed through any firewalls you have; the options are LDAP or HTTP.
2) The ASA's default is to use the CRL list that is stored in the CA cert itself. You can view the URL on your client machine if you click view certificate in your browser (IE): Tools, Internet Options, Content, Certificates, View, Details, CRL distribution points. Get the direct URL from your cert server administrator and fill it in under the CRL retrieval policy tab if you have to. Click Request CRL again to verify that it is working.
Also configure DNS servers that are reachable and can resolve the CRL URL from your ASA using the 'name-server' command on the CLI.