
Anyconnect VPN CA Issue

arshad_cisco86
Level 1

1. When I clicked on the AnyConnect VPN client software to establish the AnyConnect VPN, it received certification from the Windows 2008 CA server, which became faulty.

2. But when I open https://public ip address:444, the AnyConnect VPN client receives certification from the ASA.

My Q is: When I click on the AnyConnect VPN client software, it will take certification from the ASA instead of the Windows 2008 CA server.

Thanks & Regards

Arshad Ayub

4 Replies

pjain2
Cisco Employee

Hey Arshad,

Are you using client certificate authentication for the AnyConnect users?

Please share the running config file from the ASA and also mention which tunnel-group you will be connecting to.

Regards

Hi,

Kindly look at the below configuration of AnyConnect VPN:

access-list SplitTunnelACL_webvpn standard permit 172.168.1.0 255.255.255.0

ip local pool AnyConnect-pool 10.10.10.1-10.10.10.254 mask 255.255.255.0

webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.0.08057-k9.pkg 1
 anyconnect enable


group-policy webvpnpolicy internal
group-policy webvpnpolicy attributes
 dns-server value 200.1.1.1
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnelACL_webvpn
 default-domain value 200.1.1.1
 address-pools value AnyConnect-pool

tunnel-group webvpngroup type remote-access
tunnel-group webvpngroup general-attributes
 address-pool AnyConnect-pool
 default-group-policy webvpnpolicy

username hello password hello encrypted privilege 15
username hello attributes
 vpn-group-policy webvpnpolicy

 


username hello password hello privilege 15
username hello attributes
 vpn-group-policy webvpnpolicy

 

Regards

Arshad Ayub

 

 

 

Please restate your requirement and issue again; the problem description is not clear.

Hi Pjain,

Problem: when I tried to establish the AnyConnect VPN, it was authenticated from the CA server of Windows. My Windows CA server is not working fine; that's why it needs to be authenticated through the ASA CA, not the Windows CA server.

 

Regards

Arshad Ayub