ASA 9.0(3) AnyConnect and NAC using Windows certificates
I am trying to set up an ASA 5510 running 9.0(3) as a VPN gateway for our remote laptop users.
Corporate laptops have all the latest antivirus protection etc. They also have a Windows-based certificate that authenticates them on our local WAPs and allows full access to our network.
We are trying to implement a similar solution when they are not on site, using the Cisco AnyConnect client (with two-factor authentication). If they successfully authenticate *and* they have the correct Windows cert, they get to have full access to the corporate LAN. If they only authenticate and do not have a valid certificate, they get put into a different DMZ where all they can do is RDP to an RDP server.
Is that configuration doable? I have no issues with the non-cert authentication part, but I am struggling a bit figuring out how to incorporate the Windows cert authentication (via our Domain Controller) into the mix.