Hey all I setup smart card 2FA with firepower previously. The way it worked is in order to establish VPN the smartcard was looked at by the anyconnect client for certificate for which a PIN was entered then VPN established. I am trying to do the same with ASA 9.3 (2)204 and the VPN established but is not using the certificate on the smart card but rather the CA certificate from the local machine certificate store. How do I get the VPN to authenticate using the certificate on the actual smart Card??? I guess to summarize is not matter what i have tried here the anyconnect client does not seem to select the user cert for VPN establishment. Also if I override the automatic certificate selection  and manually select my smart card user certificate it does prompt for pin but then says  certificate validation failure on tryng to connect. I have not logged into the local subnet directly yet where the certificate authority is and only over the domain so maybe that has something to do with it or the fact that this 5512 ASA is EOL and using todays anyconnect client just not going to work for user certificates on smart cards?