Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1128
Views
0
Helpful
2
Replies

ASA - AnyConnect - Want to terminate user based on certicate

Go to solution
kennethhandberg
Level 1
Level 1

‎09-28-2021 01:49 AM

Hello,

 

We are using AnyConnect AlwaysOn with certicate auth.
When PCs are stolen (it happens) - I would like to terminate the specific PC based on certicate name or PC name.

 

In the log, it looks like the PC-name comes in as Username

"Group <RemoteAccess-Cert-GrpPolicy> User <VK32851.domain.name>"

Can I just create a DAP where I terminate on Username?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-28-2021 02:02 AM

@kennethhandberg 

Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.

 

Yes, DAP seems like a good alternative, match the username and terminate the connection.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎09-28-2021 02:02 AM

@kennethhandberg 

Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.

 

Yes, DAP seems like a good alternative, match the username and terminate the connection.

0 Helpful

Go to solution
kennethhandberg
Level 1
Level 1
In response to Rob Ingram

‎09-30-2021 02:02 AM

Hello Rob,


Thanks for answering.
I'm gonna use OCSP for validation instead of CRL

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card