Cisco Support Community

Anyconnect cert enrollment with ASA SCEP proxy and MS SCEP

Trying to get my AnyConnect 3.0 client for Windows to enroll with the MS SCEP server through my ASA.

Group policy is configured with the SCEP forwarding URL http://<MS Server>/CertSrv/mscep/mscep.dll. In the connection profile I checked the box for "Enable Simple Cert enrollment protocol". I generated a client profile with SCEP Host as the profile name. The CA URL is the SCEP forwarding URL. I also configured the Subjects and included the CA domain of the issuing CA. The connection profile is configured for both AAA and Cert. Now when I connect in I get the AAA auth and get the challenge password request. The end result is a certificate enrollment failure.

I see the traffic reaching the SCEP server. I also see the response coming back to the ASA. Not sure of the next step to determine the enrollment failure.
