cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1184
Views
0
Helpful
2
Replies

ASA - AnyConnect - Want to terminate user based on certicate

kennethhandberg
Level 1
Level 1

Hello,

 

We are using AnyConnect AlwaysOn with certicate auth.
When PCs are stolen (it happens) - I would like to terminate the specific PC based on certicate name or PC name.

 

In the log, it looks like the PC-name comes in as Username

"Group <RemoteAccess-Cert-GrpPolicy> User <VK32851.domain.name>"

Can I just create a DAP where I terminate on Username?

 

1 Accepted Solution

Accepted Solutions

@kennethhandberg 

Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.

 

Yes, DAP seems like a good alternative, match the username and terminate the connection.

View solution in original post

2 Replies 2

@kennethhandberg 

Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.

 

Yes, DAP seems like a good alternative, match the username and terminate the connection.

Hello Rob,


Thanks for answering.
I'm gonna use OCSP for validation instead of CRL

 

 

Review Cisco Networking for a $25 gift card