I try to figure out how to exactly configure a secure two factor authentication with an AAA server (RADIUS) and certificate on Cisco ASA 5550 AnyConnect VPN.
AAA server authentication works fine but it is as solely factor not enough.
Therefore I tried to configure user specific certificates as second factor (because the key length is long enough against brute-forcing it) and delivered the users certificate as download on the ASA enrollment site after the users enter username and one time password.
Both together won't works.
Is there any forgotten setting to configure / change? Any suggestion would be great!
Thanks in advance!