Hi, All
I've been running an FTD and an ASA using AAA (Windows NPS) authentication for quite some time, but it's become apparent that I need to do cert auth as well to keep users from downloading our client and connecting their personal computers.
I can't do machine group on the AAA (NPS) side because I have some users with Mac devices not joined to the domain. They are, however, managed by JAMF so I can push a certificate to them when needed.
I understand how to make the Connection Profile change to AAA+Certificate on both the ASA and the FTD, but what I don't understand, is how to tell it what certificates to accept. I want to use the already issued domain certificates on the computers (and we'll enroll the Macs via our Enterprise Sub-CA), but really don't understand how to tell the FTD or the ASA to ONLY accept machine certs issued from our Root CA chain.
I've gone through the documentation, and I'm obviously missing something big here. Anyone have any hints?
No comments:
Post a Comment