Monday, March 29, 2021

Setting up AnyConnect with certificate authentication

Hey,

After days of struggling I still can't find any solution to my problem.

We have several ASAs and one of them is about to be decommissioned, so I pulled its config and put it into another new ASA that will be configured exclusively for VPNs.

At first we decided to use LDAP authentication, but given the fact that the AD users' credentials are free on the internet (still encrypted), we changed to certificate authentication.

And here is my problem: I pulled the old certificate from the previous ASA. This certificate isn't expired and is still valid for 1 year. I installed it both on the machine and in the Identity Certificates of the ASA.

The cert is associated with a single trustpoint so far, and whenever I try to log in through the AnyConnect client I instantly get a certificate validation failure.

Logs from AnyConnect only show: No valid certificates available for authentication.

And logs from ASDM:

6 Mar 29 2021 17:01:57 Device selects trust-point ASDM_TrustPoint4 for client WAN:10.x.x.x/19305 to 10.x.x.x/443

6 Mar 29 2021 17:01:58 10.x.x.x 19305 Device completed SSL handshake with client WAN:10.x.x.x/19305 to 10.x.x.x/443 for TLSv1.2 session

Note that any other way of authentication works (LDAP or regular local AAA).

Also, the p12 file is imported on the workstation as well.


