
ASA - AnyConnect - Want to terminate user based on certificate

kennethhandberg
Level 1

Hello,

 

We are using AnyConnect AlwaysOn with certificate auth.
When PCs are stolen (it happens) - I would like to terminate the specific PC based on certificate name or PC name.

 

In the log, it looks like the PC-name comes in as Username

"Group <RemoteAccess-Cert-GrpPolicy> User <VK32851.domain.name>"

Can I just create a DAP where I terminate on Username?

 

Accepted Solutions

@kennethhandberg 

Ideally you'd revoke the certificate and get the ASA to check the CRL, which would then deny the connection.

 

Yes, DAP seems like a good alternative, match the username and terminate the connection.


Hello Rob,


Thanks for answering.
I'm gonna use OCSP for validation instead of CRL
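
An added example, not part of the original thread: a small Python check that scans ASA log lines for the `Group <...> User <...>` fragment quoted in the question and flags sessions whose username is a PC on a stolen-device list, for instance to confirm that a revoked machine no longer connects. The sample lines, the host `VK40017` and the function names are constructed for illustration; only the Group/User fragment follows the format shown in the post, and matching on the short host name assumes PC names are unique across domains.

```python
import re

# Matches the "Group <...> User <...>" fragment quoted in the question.
SESSION_RE = re.compile(r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)>")


def short_host(name):
    """Lowercase and drop the DNS suffix: 'VK32851.domain.name' -> 'vk32851'."""
    return name.strip().lower().split(".", 1)[0]


def find_stolen_sessions(log_lines, stolen_hosts):
    """Return (line_no, group, user) for each line whose User is a stolen PC.

    Comparison is case-insensitive and ignores the domain suffix, so the
    stolen list may hold short names or FQDNs (assumption: short names are
    unique in this environment).
    """
    stolen = {short_host(h) for h in stolen_hosts}
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for m in SESSION_RE.finditer(line):
            if short_host(m.group("user")) in stolen:
                hits.append((line_no, m.group("group"), m.group("user")))
    return hits


# Constructed sample lines; the text around the Group/User fragment is
# invented and does not reproduce a real ASA syslog message format.
SAMPLE_LOG = [
    "Jan 10 08:01:12 asa01 Group <RemoteAccess-Cert-GrpPolicy> "
    "User <VK32851.domain.name> connected",
    "Jan 10 08:02:40 asa01 Group <RemoteAccess-Cert-GrpPolicy> "
    "User <VK40017.domain.name> connected",
    "Jan 10 09:15:03 asa01 Group <RemoteAccess-Cert-GrpPolicy> "
    "User <vk32851.DOMAIN.NAME> connected",
    "Jan 10 09:20:00 asa01 unrelated message without a session fragment",
]

if __name__ == "__main__":
    # Report every session opened by the PC reported stolen.
    for line_no, group, user in find_stolen_sessions(SAMPLE_LOG, ["VK32851"]):
        print(f"line {line_no}: stolen PC {user} seen in group {group}")
```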

 

 
