Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 3913 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - Cisco Anyconnect Client Certificate Enrollment Failed

Christian Kelly

Hello All,

 

We are having a problem with client machines accessing an external VPN(another company that is a customer). We can successfully connect/authenticate/establish the VPN connection to the customers device(assumed ASA in this case). After the first connection the VPN automatically enrolls the client machine for a cert process(this part is fuzzy right now) and then auth is done via Cert and not RSA in the VPN client. The issue occurs during this certification enrollment. 

 

When we remove the Sophos UTM from the equation by using an MIFI hotspot on a PC(including one that previously failed this process). The cert enrollment succeeds without a hitch. 

 

so far i have tried the following

exemptions for destination (hostname) and source device(IP) in IPS with all boxes checked.

exemptions for source device(IP) in Web Protection>Filtering Options

exemptions for source device(IP) in Transparent Mode Skiplist (We are using Transparent Mode)

Firewall rules for https to destination(hostname)

 

Scanning through the logs(IPS,Web Filtering, and Firewall) while its trying to connect hasn't shown any drops/blocks associated with the client IP or the destination of the VPN.

 

Any advice would be greatly appreciated.



This thread was automatically locked due to age.
  • 0

    Hi, Christian, and welcome to the UTM Community!

    Can you find any lines in any log file related to this issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I went through the firewall/IPS/Web logs and found a few hiccups coming from my source, but allowing the traffic through didn't seem to have any effect. I am very much stumped on this issue. 

  • 0 in reply to Christian Kelly

    Christian, please be specific about what you see that causes you to reach the conclusions you have.  If you see any lines in a log related to the traffic, show those lines.  It's really difficult to work without raw data.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner