Hi, I don't know of any dedicated doc for this feature, but you can find something useful in the command reference at: http://cisco.biz/en/US/docs/security/asa/asa82/command/reference/c5.html#wp2223884
Generally, the ASA matches the tunnel-group based on the OU in the client certificate. If you want to use a different tunnel-group and match it to a specific attribute in the certificate subject name, you must use a cert map like:

    crypto ca certificate map CERT_MAP 10
     subject-name attr C eq US
    !
    tunnel-group-map CERT_MAP 10 TUN-GROUP
    tunnel-group-map enable rules

HTH,
Piotr

2011/1/11 Joshua Fedor (US) <[email protected]>

> Can anyone direct me to some documentation on certificate matching examples
> or syntax on the ASA? I know this can be done with a certificate map on a
> router, but is there a similar command on an ASA?
>
> Thanks,
>
> Josh
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
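The certificate-map approach from the reply above, extended to two rules and an explicit fallback group. This is an added example, not part of the original thread: the issuer CN, the OU value and the tunnel-group names TUN-GROUP-ENG and TUN-GROUP-NOACCESS are constructed placeholders, and the issuer-name condition is an assumption about how one would narrow the match to certificates from one CA.

```cisco
! Constructed example; names other than CERT_MAP and TUN-GROUP are placeholders.
!
! Rule 10: both conditions must hold for the rule to match.
! Pinning the issuer keeps a certificate from any other trusted CA
! from matching on a subject attribute alone.
crypto ca certificate map CERT_MAP 10
 issuer-name attr cn eq EXAMPLE-ISSUING-CA
 subject-name attr ou eq ENGINEERING
!
! Rule 20: the broader country match from the reply, checked after rule 10
! because rules are evaluated in ascending sequence number.
crypto ca certificate map CERT_MAP 20
 issuer-name attr cn eq EXAMPLE-ISSUING-CA
 subject-name attr c eq US
!
! Use certificate-map rules to select the tunnel-group.
tunnel-group-map enable rules
tunnel-group-map CERT_MAP 10 TUN-GROUP-ENG
tunnel-group-map CERT_MAP 20 TUN-GROUP
!
! Certificates that match no rule land in a group configured with no access,
! instead of whatever default group happens to be in effect.
tunnel-group-map default-group TUN-GROUP-NOACCESS
```

A rule keyed only on a broad attribute such as C selects every certificate carrying that value, so the more specific rule needs the lower sequence number.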
