If you are using a browser to intiate the VPN you cannot use device certificates for authentication. Only User certificates are supported. However, you can create a Hostchcker policy to check for a device certificate and then assign that policy the Realm. If you are using the Pulse client you can configure it to use the machine certificate store instead of the user store. Go into your Pulse connection set, and under "User Connection prefeernces" select "Select client certificate from machine certificate store".
... View more