Not sure if there is a solution out there yet. We recently purchased 2110 for VPN S2S and RA. We don't have ISE as it is out of our budget to house this. We are trying to see how we can control the RA computers that access our VPN. Has anyone found a workaround so that only domain devices connect to RA VPN and none other, or to control device connectivity by MAC, etc.? Thanks.
I'm not aware of any other way to do this with the current 6.5 FTD release. It's not so hard to set up a Windows CA, but managing it can be a bit challenging.
As noted in the configuration guide, remote access VPN on FTD has limitations as follows:
The following AnyConnect features are not supported when connecting to an FTD secure gateway:
Secure Mobility, Network Access Management, and all other AnyConnect modules and their profiles beyond the core VPN capabilities and the VPN client profile.
Posture variants such as Hostscan and Endpoint Posture Assessment, and any Dynamic Access Policies based on the client posture.