https://community.cisco.com/t5/network-access-control/multi-factor-vpn-authentication-on-asa/m-p/1134467#M374152 <HTML><HEAD></HEAD><BODY><P>Cheers,</P><P></P><P>The reason why the asa authenticates to SDI or AD and not both has to do with the fact that you need to have your AD integrated with your Token server, ASA will prompt for username and password and the AD server will instruct the ASA to request token only if this AD has the correct integration with SDI, check google for this features with AD and SDI.</P></BODY></HTML> Sat, 10 Jan 2009 00:05:24 GMT Ivan Martinon 2009-01-10T00:05:24Z https://community.cisco.com/t5/network-access-control/multi-factor-vpn-authentication-on-asa/m-p/1134466#M374121 <P>Can the ASA be configured to leverage XAuth against both SDI (RSA token) and Windows AD? It seems we can configure only one or the other but not both. For example, if we configure authentication using SDI, the VPN client only prompts for a username and passcode. Is there a way to implement so that we are prompted for a username, passcode (RSA) and password (Windows AD via RADIUS)?</P> Sun, 10 Mar 2019 23:15:54 GMT https://community.cisco.com/t5/network-access-control/multi-factor-vpn-authentication-on-asa/m-p/1134466#M374121 bdavis 2019-03-10T23:15:54Z https://community.cisco.com/t5/network-access-control/multi-factor-vpn-authentication-on-asa/m-p/1134467#M374152 <HTML><HEAD></HEAD><BODY><P>Cheers,</P><P></P><P>The reason why the asa authenticates to SDI or AD and not both has to do with the fact that you need to have your AD integrated with your Token server, ASA will prompt for username and password and the AD server will instruct the ASA to request token only if this AD has the correct integration with SDI, check google for this features with AD and SDI.</P></BODY></HTML> Sat, 10 Jan 2009 00:05:24 GMT https://community.cisco.com/t5/network-access-control/multi-factor-vpn-authentication-on-asa/m-p/1134467#M374152 Ivan Martinon 2009-01-10T00:05:24Z