04-08-2020 10:26 AM
Hello all,
Currently I have AnyConnect (4.8.03036) VPN access through a FTD 2120 (6.3.0.3 Build 77) manged by FMC and authenticating via Duo Authentication proxy service on a MS domain controller.
Is it possible to also use a machine certificate in addition to AD/Duo and only allow company assets with a machine cert to connect? We have machine certs on the devices that are company owned that were generated by our Domain CA and pushed out via GPO.
Thank you!
04-08-2020 11:38 AM
Hi,
Never tried it with DUO, but i don't see why it wouldn't work. You would specify DUO as your authorization server in the connection profile configuration.
Regards,
Cristian Matei.
04-08-2020 09:27 PM
We added double authentication support until 6.4
If you upgrade to 6.4 or later you will be able to accomplish cert auth + duo.
-Gustavo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide