Hi All,
A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?
Would we recommend authenticating the cert on the ASA then passing the AD check to ISE or can we do both on the ISE which is the preferred option?
The ASA is running 9.2.1 so I believe there is no requirement for an IPN as the ASA can do the CoA.
Any configuration guidelines would be appreciated.
If in the future they want to perform posturing on the Clients, would this affect the recommended solution above?
Regards,
Paul.