I want to build a DMZ with two or more similar but not identical web servers on separate subnets. I would like to use user certs to determine a users destination. The idea is to use an ASA. I'd like the ASA to be the target address. When the ASA receives the request it determines which segment of the DMZ the user should be directed to based on the users cert. Ideally I don't want to have to install software on the users machine. Can the ASA handle this?