What we are considering is having the anyconnect client initially connect to the Cisco ASA, then have the ASA pass the authentication information back to the RADIUS server. This RADIUS server will then decide whether the user is allowed to connect or not based on what certificate, username, and password they provide.
PEAP - TLS allows for the use of certificates, and for usernames and passwords all to be validated in RADIUS. Our question is whether or not the AnyConnect client can provide this authentication information in the PEAP-TLS format or not, and if it can, how do we configure it.