At the moment we have the standard remote VPN for our users with Office Mode, with authentication done through LDAP and MFA, which works perfectly; no complaints so far.
But I want to start implementing certificate-based authentication on the remote VPN clients.
The CA is internal; our Active Directory will issue the certificates for the users.
I have an NPS server (RADIUS), and a policy is created, although it could be wrongly configured.
I have the RADIUS server defined on the management.
But I am missing 2 steps:
1st: how do I enforce/allow users to use the certificate to authenticate?
2nd: could someone provide a step-by-step guide or a policy configuration for the NPS server?
At the moment I have this:
And of course the firewalls are defined as clients on the RADIUS server.