Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AnyConnect 3.1 to ASA (9.1) initial connection

Hello,

I am trying to understand the flow of things when the AnyConnect Client rel. 3.1 connects to the ASA rel. 9.1 for the first time to bring up a IPsec/IKEv2 tunnel.

There is a requirement to have the digital certificate have the attribute "Extended Key Usage (EKU) be filled out with server-authentication and the client have client-authentication.

This is preventing my tunnel from being formed.

Does anyone know why this is required?

Is it because of some RFC?


Everyone's tags (4)
285
Views
0
Helpful
0
Replies