I've checked the certificate and those properties are present. I did read somewhere that there was a change at some point and the newer client requires the user certificate to have EKU Client Authentication and KU Digital Signature and Key Encipherment. If I use An圜onnect client 4.2 as installed on the firewall, the client lets me select the certificate, and then tells me no valid certificates are available. If I use An圜onnect client 3.0, I select the certificate and the VPN establishes correctly, and it all works as it should. When launching the VPN, I am prompted to select which certificate to use. For testing I've disabled automatic certificate selection. I've configured the An圜onnect profile and assigned it to the group policy. The user certificates are issued by a Windows 2012 R2 server. I've configured an An圜onnect VPN on the device and configured it to use Certificate authentication. I have an ASA 5515-X running 9.5(2)2 and An圜onnect 5. I'm at a loss with this problem and even TAC are struggling to provide me with an answer so I'm hoping one of you has dealt with this problem before.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |