We're in the process of laying the groundwork for using AAA+Cert auth for VPN connectivity but we've hit a bit of a SNAFU. In the AnyConnect config on the ASA we've specified Certificate Store Override and Automatic Certificate Selection in preparati...
One note that I would add for anyone looking to utilize this solution with TrustSec: it does not appear that you're required to send the Generation ID as a part of the attribute-value-pair (based on my limited testing). This is the number that occurs...
This post is nearly 7 years old, but I'm in the same scenario. Is it still the case that there's no mechanism to do conditional authorizations based on which posture check failed?
Shouldn't the "Eduroam_User_Local" authorization condition still require @<your_domain.edu>? Without it, you're allowing your local users to authenticate without a realm. That works great for those that remain local, but it would break the ability to...
In case anyone stumbles upon this in the future, this bug is marked as fixed in AnyConnect 4.9.00086. In my testing I have not been able to reproduce the issue.
We were provided with a hotfixed version of AnyConnect that seems to resolve the issue, but since we've already worked around the problem, we opted to wait for the next GA release. Rumor has it this will be sometime in June.