Distinguishing between certs for AnyConnect VPN access
How can I distinguish between certificates for authorizing AnyConnect VPN access?
Our certificates are being generated by Microsoft with auto-enrollment.
It appears as though you can apply different connection profiles based on the fields in the subject of the certificate... and then ultimately apply a group profile based on the connection profile... but the fields in the subject are being auto-populated by data from AD.
For example, we have certificate A which has a keylen of 1024... generate new certs with keylen of 2048. We need the 1024 certs for another application so we cannot revoke/remove them... how can I ensure VPN users can only authenticate with a 2048 cert?
Or another use case... I install one cert on a notebook computer, and another one on a desktop. I want to distinguish between the types of access I grant to a desktop vs. a laptop... is there a way to have AnyConnect identify some unique parameter of the certificate so that authentication with one yields different results from authentication with the other? Another possible use case for this could be trying to distinguish between a personally owned iPhone and a corporate owned iPhone... or a high security iPad used for specific applications only vs. an end user BYOD iPad.