No one will even try to help me? I am kinda desperate...=\
2014-04-25 8:34 GMT-03:00 Bruno Silva <[email protected]>: > Hi Guys, > > I have been trying to configure any connect dual authentication factor > with SCEP auto-enrollment. I was successful in configuring everything, > including the LDAP-Map group redirection with both group-policies using > simultaneous login 0 and the mapped with 3 simultaneous logins. Everything > happens fine but the certificate authentication. > > I can make the machine, the cel phone and other devices enroll correctly > with the CA, but when it tries to authenticate it fails and the enrollment > process happens again. > > I made some research and found out about the EKU bug with Cisco, but even > matching the fields of EK and EKU the any connect client cannot match the > certificate and the enrollment process loops itself forever. Last night it > did the process 8 times until I stopped it manually and revoked the > certificates. > > Can anyone help me finding out why the certificate is not being matched > properly? Is there anything I should configure on the xml file? > > I am pretty sure it`s something on the certificate matching but I can`t > find what. I`ll be very glad if you can help me. The attachment is the ASA > lab configuration that I am using so far. > > Thank you, > -- > Bruno Silva > Network Consultant > Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified > Arcsight Professional Certified - ACIA/ACSA > -- Bruno Silva Network Consultant Cisco CCNA/CCDA/CCNP/CCDP/CCSP Certified Arcsight Professional Certified - ACIA/ACSA
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
