Anyconnect - Your Certificate is invalid for the selected group - Cisco ASA 5510
So I have been struggling with this one for a little while now. I am hoping someone on these boards could possibly point out what I am missing here.
I have a Cisco ASA 5510 and am looking to deploy Anyconnect. I had everything working with a self-signed cert, but once I moved to a signed SSL cert (godaddy), things seemed to stop working.
The cert itself works fine, but I keep getting this error in the Anyconnect client: "Your certificate is invalid for the selected group". It seems to me that my SSL group doesn't have permissions to authenticate? I am unsure.
My users are using AAA, which is pointing to my AD. The AD is working fine (I can SSH into the FW using AD authent).
I also seem to not be able to figure out which debug command would show me perhaps the 'point of failure' in the anyconnect ssl client connection. Which would be the best command to use in this case?
I went through so many forums, and I just seem to be missing something. Can anyone point me in a direction that I need to go? If there is anything else someone requires, please do not hesitate to let me know.