09-02-2019 02:51 AM
Hello,
I'm looking to use both certificate authentication at asa level and authorization on ISE.
Anyconnect is able to send both certificate to ASA.
but i'm not able to Send both certificate from asa to ISE, is that possible?
Someone already try this ? it is possible to implement it ?
Thanks for your help
09-03-2019 10:12 AM
09-04-2019 02:22 AM
Thank you RJI.
To goal is to maintain authentication on ASA but autorization on ISE.
We are looking for autorization of both user and machine, but asa just sent one certificate not both.
The question is to know if it is possible to send both certificate (user + mùachine)
09-09-2019 02:38 AM - edited 09-10-2019 06:54 AM
Hi,
This looks similar to what I also want to achieve.
We could then authenticate both computer and user with less interaction by the user.
Two features which seem almost ideal, and nearly match the MS equivalent Always On seem to be:
Unfortunately, these both use Trusted Network Detection, which conflicts.
Management VPN Tunnel connects fine, but then Always-On VPN doesn't because it is then on the (limited) network.
I wonder if anyone else has tried this and found any workarounds?
Or if there is anything in the pipeline form Cisco to get this working which will greatly improve user experience?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide