Before configuring the ASA firewall for AnyConnect VPN using an external certificate authority, you must disable the local CA on the ASA firewall. This ensures that certificates are authenticated against the external CA.

  1. Log in to the Cisco Adaptive Security Device Manager (ASDM) to configure your ASA firewall.

    Certs_Cisco_IPSec2

  2. Navigate to Configuration > Remote Access VPN > Certificate Management > Local Certificate Authority > CA Server .
  3. Select Disable.
  4. Select OK.

    Certs_Cisco_IPSec3

Next, you must Configure the ASA Firewall and AnyConnect Clients.