I'm working on trying to utilize user certificates as a means to make our remote access VPNs more secure. The trouble I am having is in finding a way to tell the ASA to use the user certificates as part of then authentication process. Currently I have remote access VPN tunnels set up with pre-shared keys. Each user authenticates via a domain account through RADIUS. Rather than using just Group Authentication, I want to use Mutual Authentication so the user has to have a valid certificate issued through my Microsoft CA. My ASA has been authenticated with the Microsoft CA.
I guess the question is, how do I configured the remote access tunnel to use the user certificate as well?
I'm not find any good examples OR documentation on this. I'm to the point now that I have spent so much time looking at it that I just keep looking at the same things over and over again. I think I have tunnel vision.
Can someone PLEASE point me in the right direction...??
