https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489885#M332055 <HTML><HEAD></HEAD><BODY><P>Thanks that helped abit. Now it works like this:</P><P>1. User enters the IP of the ASA and gets promted for username and password, that is located in a Windows AD.</P><P>2. The authentication request is forwarded from the ASA to an ACS using TACACS+</P><P>3. The ACS checks in the Windows AD if the user is valid</P><P>4. If valid then Anyconnect is downloaded fråm the ASA to the users computer and the VPN is working.</P><P></P><P>Now I want to have this working with RSA SecurID token. How do I enable this in the ASA and the ACS? Do I still use TACACS+ between the ASA and the ACS or should I change it to SDI?</P><P>I can't seem to find any good guide on how to configure this. Atleast not with the users in AD.</P></BODY></HTML> Sat, 08 May 2010 09:05:43 GMT pvn050011 2010-05-08T09:05:43Z https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489883#M332000 <P>Hello.</P><P>I am setting up a test lab where the users will connect to a ASA 8.3 with SSL VPN Anyconnect. I have tested to se that the user can login with with name/password that is in the local database in the ASA, but we need to use one time passowords with RSA hardware tokens and have the users in a Windows AD and I have no ide how to configure that.</P><P></P><P>Behind the ASA I will have an ACS server that will point to the RSA server and a Windows AD. Do you have any configuration guides on this? It is mostly the config in ASA that I need a guide for, since I never really worked with ASA before. How do I get the Anyconnect to promt for username, password and RSA password?</P><P>I have never used Anyconnect before ether.</P><P></P><P>I am using ASA 5520 8.3 with ASDM 6.3, ACS 4.2, RSA 7.1 (or 6.1) and Windows 2003 enterprise.</P><P></P><P>/Ph</P> Mon, 11 Mar 2019 00:06:54 GMT https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489883#M332000 pvn050011 2019-03-11T00:06:54Z https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489884#M332034 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>hope this helps</P><P></P><P></P><P><A class="active_link" href="http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html#anchor10">http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html#anchor10</A></P><P></P><P>regds</P></BODY></HTML> Wed, 05 May 2010 10:49:42 GMT https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489884#M332034 spremkumar 2010-05-05T10:49:42Z https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489885#M332055 <HTML><HEAD></HEAD><BODY><P>Thanks that helped abit. Now it works like this:</P><P>1. User enters the IP of the ASA and gets promted for username and password, that is located in a Windows AD.</P><P>2. The authentication request is forwarded from the ASA to an ACS using TACACS+</P><P>3. The ACS checks in the Windows AD if the user is valid</P><P>4. If valid then Anyconnect is downloaded fråm the ASA to the users computer and the VPN is working.</P><P></P><P>Now I want to have this working with RSA SecurID token. How do I enable this in the ASA and the ACS? Do I still use TACACS+ between the ASA and the ACS or should I change it to SDI?</P><P>I can't seem to find any good guide on how to configure this. Atleast not with the users in AD.</P></BODY></HTML> Sat, 08 May 2010 09:05:43 GMT https://community.cisco.com/t5/network-access-control/autentication-of-users/m-p/1489885#M332055 pvn050011 2010-05-08T09:05:43Z