Hi Guys,
I got a request from my customer:
He is using AnyConnect authentication with AD + OTP (FreeRADIUS), and now he wants to add authentication with a machine certificate so only corporate computers are allowed to connect to the VPN, and to migrate it completely to ISE.
My proposal is using ASA's double authentication feature:
- first authentication = machine cert
- second authentication = AD + OTP with a "was machine authenticated" rule on ISE.
It is my first thought and I'm gonna build a lab for this, but just want to know if it isn't totally out :)
Thank you!
SP.