SEC0406 – Firepower 7.0 AnyConnect VPN Certificate Authentication Windows (Part 2)

Sometimes having to inform user about group url is not what we want to do, a better option that is present is to allow ask firepower to look at attributes of the certificate and then map them to connection profiles called certificate map

This way we can say that if OU in subject is home.local
This way is if user has correct certificate they will never have to worry about the group URL

show running-config crypto ca certificate map

debug webvpn 127 debug crypto ca 14