Hi Guys,

I have been trying to configure AnyConnect dual authentication factor with SCEP auto-enrollment. I was successful in configuring everything, including the LDAP-Map group redirection with both group-policies using simultaneous login 0 and the mapped with 3 simultaneous logins. Everything happens fine but the certificate authentication.

I can make the machine, the cell phone and other devices enroll correctly with the CA, but when it tries to authenticate it fails and the enrollment process happens again. I did some research and found out about the EKU bug with Cisco, but even matching the fields of EK and EKU the AnyConnect client cannot match the certificate and the enrollment process loops itself forever. Last night it did the process 8 times until I stopped it manually and revoked the certificates.

Can anyone help me find out why the certificate is not being matched properly? Is there anything I should configure in the XML file? I am pretty sure it's something in the certificate matching but I can't find what. I'll be very glad if you can help me.

The attachment is the ASA lab configuration that I am using so far.

Thank you,

--
Bruno Silva
Network Consultant
Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified
Arcsight Professional Certified - ACIA/ACSA
asa-show run.log