Hi all
I'm doing some POC trials migrating an AnyConnect feature from ASA to FTD, since Cisco has now released support for that. I'm using dual authentication, where a certificate is used for getting the username, which is then used for assigning the VPN policy. AAA is performed by RADIUS running as a Windows NPS service. It's working fine on the ASA platform, but on FTD there is an issue with usernames containing non-unicode characters. As I operate in the Nordic countries, this is a requirement.
The FTD validates the certificate and claims to parse the username properly, but when I view the VPN Troubleshooting on the FMC it lists the name of the user, for example, as Gr??nkvist instead of Grönkvist. The NPS logs then say the received X509 username has the wrong domain name, and when looking closely the domain name has been cut short.
This only occurs when the username has an "international character"; otherwise the setup works fine. To me it seems like some parsing script breaks on the FTD.
Any thoughts?
Regards
Fredrik
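
Added example, not part of the post above and not Cisco or Microsoft code: a Python triage sketch that shows how the name from the post looks to byte-oriented code and picks out which certificate usernames contain non-ASCII characters. The domain `example.local`, the other sample names, and the character-count truncation model are assumptions; the post does not establish what the FTD actually does.

```python
import unicodedata

def analyse(username: str) -> dict:
    """Describe how a certificate-derived username looks to byte-oriented code."""
    raw = username.encode("utf-8")
    # Every character outside 7-bit ASCII, with its position and UTF-8 width.
    non_ascii = [
        (i, ch, unicodedata.name(ch, "UNKNOWN"), len(ch.encode("utf-8")))
        for i, ch in enumerate(username) if ord(ch) > 0x7F
    ]
    # A 7-bit-only display shows one '?' per UTF-8 byte above 0x7F, so a
    # single two-byte character such as U+00F6 appears as "??".
    ascii_view = "".join(chr(b) if b < 0x80 else "?" for b in raw)
    extra = len(raw) - len(username)
    # ASSUMPTION (not confirmed by the post): a length counted in characters
    # but applied to UTF-8 bytes drops `extra` bytes from the tail, which is
    # where the domain part of a user@domain name sits.
    truncated = raw[:len(username)].decode("utf-8", errors="replace")
    return {
        "chars": len(username),
        "utf8_bytes": len(raw),
        "extra_bytes": extra,
        "non_ascii": non_ascii,
        "ascii_view": ascii_view,
        "char_count_truncation": truncated,
    }

def at_risk(usernames):
    """Usernames whose UTF-8 byte length differs from their character count."""
    return [u for u in usernames if analyse(u)["extra_bytes"] > 0]

if __name__ == "__main__":
    # Constructed sample names; example.local is a placeholder domain.
    sample = [
        "Grönkvist@example.local",
        "Andersson@example.local",
        "Sjöström@example.local",
    ]
    for name in sample:
        info = analyse(name)
        print(f"{name}: {info['chars']} chars, {info['utf8_bytes']} bytes")
        print(f"  7-bit view        : {info['ascii_view']}")
        print(f"  char-count cut-off: {info['char_count_truncation']}")
    print("needs testing:", at_risk(sample))
```

Comparing the `char_count_truncation` value with the domain string recorded in the NPS log shows whether the number of missing characters matches the number of extra UTF-8 bytes in the name.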