AnyConnect automatic conn profile selection based on certificate?
I am trying to accomplish the following scenario:
a) The ASA is configured as a local CA and it issues certificates for AnyConnect VPN clients - OK
b) When a VPN user installs the issued certificate in their Personal folder, that certificate should be used for authentication
Now, the following is what I want to do:
1) When the user goes to https://ip_add_ASA, they should be automatically authenticated with the certificate. It is not a problem even if a pop-up window appears asking to choose a certificate, but it would be nice if that happened automatically.
2) Using the cert -> tunnel group map, the user should be connected using THAT specific connection profile, and then the AnyConnect installation should start, together with downloading the profile for that specific group-policy, which is connected to that specific tunnel-group.
I was able to do all of the above when I use the DefaultWEBVPNGroup. So, is it possible to do it like this without enabling the tunnel list under webvpn:
A) The user has a cert and goes to https://ip_add_ASA. The ASA automatically searches for the cert in the Personal container (since the ASA is the issuer)
B) The user is authenticated ONLY with that cert and automatically connected via SSL using the tunnel-group defined in the cert -> tunnel-group map
C) At the end, the AnyConnect client is downloaded and installed, together with a predefined profile, which the user CANNOT change