Group policies don't work for L2TP VPN, just for AnyConnect. The certificate is a requirement if you want to authenticate the users from LAN. Check it out:

The MX will run through the following steps to identify AD group members and apply associated group policies:

1. MX securely contacts the specified Domain Controllers for the AD domain, using TLS.
2. MX reads WMI logon events from the DC's security events, to determine which users are logged into which devices.
3. MX binds to DCs using LDAP/TLS to gather each user's AD group membership.
4. Group membership is added to a database on the MX.
5. If a domain user's group membership matches an AD group policy mapping in Dashboard, the MX can apply the associated group policy to the user's computer.

Because the MX is continuously gathering this information from the domain controllers, it is able to accurately apply the policy in real-time whenever a new user logs in.

Note: At this time, the MX does not support mapping group policies via Active Directory for users connecting through the Client VPN.