Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA SSL VPN cluster at different geographic location

We have ASA SSL VPN configured at different location and want them to be accessed over DNS name. DNS round robin is configured for two ASA but when we connect Anyconnect over DNS name it fails where as I am able to connect with physical IP address. ASA has a self signed certifcate on it so do I require to have a third party certificate for connecting over DNS name. 

Below is the message we get when connecting AnyConnect Client over DNS Name.

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connection again"

Cisco Employee

Re: ASA SSL VPN cluster at different geographic location

Do both self signed certificates on the ASA has Common Name (CN) configured as the DNS name that you use to connect with?

I am assuming that your DNS name does resolve to an ip address?

New Member

Re: ASA SSL VPN cluster at different geographic location


I defined identity certificate on both ASA VPN firewall with same cn name and assigned to outside interface. I tried connecting it fails with message "A certifcate problem has encountered. A VPN connection will not be established."

I checked the netstat output on the system and it shows me a multiple connection request to both ASA.

CreatePlease to create content