We are using AnyConnect AlwaysOn with certificate auth. When PCs are stolen (it happens) - I would like to terminate the specific PC based on certificate name or PC name.
In the log, it looks like the PC-name comes in as Username
"Group <RemoteAccess-Cert-GrpPolicy> User <VK32851.domain.name>"
Can I just create a DAP where I terminate on Username?
Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.
Yes, DAP seems like a good alternative, match the username and terminate the connection.
Thanks for answering. I'm gonna use OCSP for validation instead of CRL.
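The revocation check and the DAP fallback discussed in this thread, sketched as ASA configuration. This is an added example, not configuration posted by anyone in the thread. The trustpoint name `VPN-CLIENT-CA` and the DAP record name `Stolen-PC` are placeholders.

```text
! Constructed example. VPN-CLIENT-CA and Stolen-PC are placeholder names.
!
! Weak: "none" as the last method means the certificate is accepted when
! revocation status cannot be retrieved, so a revoked certificate on a
! stolen PC still connects while the CRL source is unreachable.
crypto ca trustpoint VPN-CLIENT-CA
 revocation-check crl none
!
! Corrected: OCSP only, no "none" fallback. If the responder cannot be
! reached, validation fails and the connection is denied.
crypto ca trustpoint VPN-CLIENT-CA
 revocation-check ocsp
!
! DAP record that terminates matching sessions. The username match
! (for example the PC name seen in the log) is assumed to be defined
! separately as the record's selection criterion and is not shown here.
dynamic-access-policy-record Stolen-PC
 action terminate
```

Without the `none` fallback, an unreachable OCSP responder blocks every client validated against that trustpoint, so responder availability becomes part of VPN availability.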