I am using a Cisco ASA 5520 and I have set up a remote access VPN with an AnyConnect connection profile.
In the connection profile I have configured it so that users should authenticate using both a certificate and AAA.
Due to a high security requirement, the user certificate is issued by a third party.
This is also working fine, and the user now needs a valid certificate and a username/password to authenticate successfully.
I added the CA certificate as an associated trustpoint on the ASA to get certificate verification working.
If Jane and Joe both have a valid certificate AND a valid username/password, Jane could authenticate using a combination of Joe's certificate and her own (Jane's) username/password. Both are valid in isolation, but I only want Jane to be able to authenticate with her own username/password/certificate. I guess I have to have some kind of mapping between the user certificate and the user object, and check this mapping during authentication. How can I accomplish this?
All users reside in a 2008 R2 Active Directory.
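One way this mapping is usually enforced on the ASA, added here as an illustrative configuration and not part of the original post: take the AAA username from the certificate subject and pre-fill (and lock) it, so the password the user types must belong to the account named in the certificate rather than to any account they choose. It assumes the third-party certificate's subject CN is the same string as the user's AD sAMAccountName; the server group, tunnel-group, pool, host and bind DN names are placeholders.

```cisco
! Constructed example: names, addresses and DNs are placeholders, not from the original post.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ! the value taken from the certificate is looked up by this attribute,
 ! so the cert subject CN must equal the AD sAMAccountName (assumption)
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=local
 ldap-login-password ********
 server-type microsoft

tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 authentication-server-group AD-LDAP
 address-pool VPNPOOL
 default-group-policy ANYCONNECT-GP
tunnel-group ANYCONNECT-TG webvpn-attributes
 ! both a valid certificate and AAA credentials are required (as the post already has)
 authentication aaa certificate
 ! use the certificate subject CN as the AAA username instead of whatever the client types
 username-from-certificate CN
 ! pre-fill the username in the AnyConnect login dialog and hide the field so it cannot be changed
 pre-fill-username ssl-client hide
```

With this in place a user presenting Joe's certificate is authenticated against Joe's AD account only, so Jane's password will be rejected. The `hide` keyword and the exact `pre-fill-username` syntax vary by ASA release (the keyword after `pre-fill-username` is `client` on 9.x), so check the command reference for the software version running on the 5520. If the certificate CN is not literally the account name, the ASA can instead derive the username with `username-from-certificate use-script` (a Lua script built in ASDM), or the match can be enforced in a Dynamic Access Policy; both are beyond this example.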