In order to acomplish the AnyConnect authentication using certificates the AnyConnect client should get a valid certificate from the CA server, at the same time the ASA should have the CA Root certificate in order to properly validate the certificate of the connecting client. 1-) Make sure you have an AnyConnect image applied in the … More AnyConnect Certificate Based Authentication.

  Understanding NAT and NAT Rule Order (ASA 8.3/8.4 First of all, there is no such thing as ‘nat-control’ any more so you either define a NAT or you don’t. Traffic that does not match any NAT rules will be allowed to bypass the firewall without any translation (like NAT exemption but without explicitly configuring it, more … More Understanding NAT and NAT Rule Order (ASA 8.3+)