08-11-2014 01:11 AM - edited 02-21-2020 07:46 PM
Hi Guys
We are currently designing an anyconnect two factor VPN solution utilizing AD credentials and ADCS published user certificates for auth.
The solution is currently configured and working, with the ASA performing cert validation and the ISE handling AAA.
I would like to know wheter it is possible for the ASA to pass the certificate validation part of the authentication to the
ISE instead of having the cert validation happening on the ASA as described in the CVDs. Reason being, we would like to consolidate the auth on the ISE only. We will be running ASA 9.1(2) and ISE 1.2p8.