I am trying to configure WebVPN on an ASA to first authenticate a user's client certificate and then perform AAA authentication using a username/password pair prior to granting WebVPN access.
Can anyone confirm whether this is possible?
So far I have client certificate authentication working; however, access is granted without ever prompting for AAA credentials.
My AAA configuration is working correctly as I can successfully authenticate users for access using AAA if I disable client certificate authentication.
In my webvpn tunnel group I have WebVPN authentication selected for both certificate and AAA.
When I attempt to connect, the user certificate is authenticated successfully; however, the ASA appears to be submitting the CN from the cert to the AAA server for authentication rather than prompting for AAA credentials.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...