Cisco Bug: CSCuw29769 - Certificate map match on SubjectAltName URL component is not working

Last Modified

Sep 26, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(6)

Description (partial)

Symptom:
The ASA certificate map fails to parse the URI component of the Subject Alternative Name. This can be seen in the following message:

CRYPTO_PKI: Match of subject-alt-name field to map FAILED. Peer cert field: IP addr: 0.0.0.0, FQDN: <NULL>, user FQDN: <NULL>, User Principal Name(UPN): <NULL>, map rule: alt-subject-name co scheme:unmanaged.

No URI information is included in the peer certificate fields shown in this message.

As a result, the AnyConnect client does not land on the correct tunnel group.
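To check collected debug output for this symptom, the following added example (not Cisco code) parses the message above and reports each certificate map rule that failed while every SAN field the message lists was empty. The function names and the second sample line are assumptions made for illustration; the line layout is taken only from the message quoted above.

```python
import re

# Layout taken from the debug message quoted in the Symptom section.
LINE_RE = re.compile(
    r"CRYPTO_PKI: Match of subject-alt-name field to map (?P<result>\w+)\. "
    r"Peer cert field: IP addr: (?P<ip>[^,]*), FQDN: (?P<fqdn>[^,]*), "
    r"user FQDN: (?P<user_fqdn>[^,]*), "
    r"User Principal Name\(UPN\): (?P<upn>[^,]*), "
    r"map rule: alt-subject-name (?P<op>\S+) (?P<value>.*?)\.?\s*$"
)
# Values the quoted message shows for SAN types with nothing extracted.
EMPTY = {"ip": "0.0.0.0", "fqdn": "<NULL>", "user_fqdn": "<NULL>", "upn": "<NULL>"}

def parse_san_match(line):
    """Return the fields of one SAN match message, or None for any other line."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def no_san_extracted(rec):
    """True when every SAN field the message reports holds its empty value."""
    return all(rec[key].strip() == empty for key, empty in EMPTY.items())

def triage(lines):
    """Return (operator, value) for each rule that failed against an empty SAN set."""
    hits = []
    for line in lines:
        rec = parse_san_match(line)
        if rec and rec["result"] == "FAILED" and no_san_extracted(rec):
            hits.append((rec["op"], rec["value"]))
    return hits

SAMPLE = [
    # Message from the bug description.
    "CRYPTO_PKI: Match of subject-alt-name field to map FAILED. "
    "Peer cert field: IP addr: 0.0.0.0, FQDN: <NULL>, user FQDN: <NULL>, "
    "User Principal Name(UPN): <NULL>, map rule: alt-subject-name co scheme:unmanaged.",
    # Constructed contrast: FQDN was parsed, so this is an ordinary rule mismatch.
    "CRYPTO_PKI: Match of subject-alt-name field to map FAILED. "
    "Peer cert field: IP addr: 0.0.0.0, FQDN: vpn.example.test, user FQDN: <NULL>, "
    "User Principal Name(UPN): <NULL>, map rule: alt-subject-name co corp.",
    "unrelated debug line (constructed)",
]

if __name__ == "__main__":
    for op, value in triage(SAMPLE):
        print(f"rule 'alt-subject-name {op} {value}' failed with no SAN fields parsed")
```

A hit means the rule had nothing to match against, which is the pattern this bug produces; a failure with a populated field is a normal mismatch between the rule and the certificate.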

Conditions:
None