Hello,
we've on our ASA/Firepower two Connection Profiles, authenticated with Cert only.
A map looks at the CN of the machine-cert and decides what Connection Profile is used, that's working perfect.
Now I'm trying to establish a Management Tunnel and I'm asking, if this can work with this cert-map?
I think everytime a client wants to connect, the map looks at the machine-cert of the client and pushes the client to the corresponding user-connection-profile and never to the management-tunnel-profile, am I right?