https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347001#M5176 <P>Hi,</P><P></P><P>Is it possible for cisco ASA to support rsa second factor authentication for server access.</P><P>i.e the servers will be accessed from certain network segments, after the first level </P><P>username-password prompt , and upon user input of these credentials, the ASA should </P><P>prompt again for a second authentication.</P><P>Will the ASA prompt for this second authentication?</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 18:28:35 GMT suthomas1 2020-02-21T18:28:35Z https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347001#M5176 <P>Hi,</P><P></P><P>Is it possible for cisco ASA to support rsa second factor authentication for server access.</P><P>i.e the servers will be accessed from certain network segments, after the first level </P><P>username-password prompt , and upon user input of these credentials, the ASA should </P><P>prompt again for a second authentication.</P><P>Will the ASA prompt for this second authentication?</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 18:28:35 GMT https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347001#M5176 suthomas1 2020-02-21T18:28:35Z https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347002#M5177 <HTML><HEAD></HEAD><BODY><P>Yes the ASA supports two factor (or more accurately in this case, dual method) authentication. Assuming this is for a remote access VPN, when editing your AnyConnect Connection profile, there is an option under the advanced menu to enable a secondary authentication method.</P><P></P><P>I believe RSA might insist on being the first method according to <A href="http://packetized.wordpress.com/2010/08/21/dual-factor-authentication-on-asa-anyconnect-client/">one other post I have seen</A> but it can definitely be one of the two methods.</P><P></P><P>See screenshot below (click to enlarge):</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/7/8/9/150987-asa%20dual.PNG" class="jive-image" /></P></BODY></HTML> Mon, 12 Aug 2013 06:24:40 GMT https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347002#M5177 Marvin Rhoads 2013-08-12T06:24:40Z https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347003#M5178 <HTML><HEAD></HEAD><BODY><P>Appreciate your reply Marvin, thanks.</P><P>This is not exactly for remote VPN , but this is more for server access. </P><P></P><P>Few servers are connected behind the firewall, admins access these servers for terminal services like ssh etc.</P><P>We want the asa to prompt for second authentication ( RSA ) when admins access these servers from network portion.</P><P></P><P>Please help with inputs.</P></BODY></HTML> Mon, 12 Aug 2013 06:53:04 GMT https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347003#M5178 suthomas1 2013-08-12T06:53:04Z https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347004#M5179 <HTML><HEAD></HEAD><BODY><P>For non-VPN through traffic the ASA supports something known as "aaa authentication match" method. I've not used it personally, only learned about it in CCNP Security material but there is a nice TAC tech note on it here:</P><P></P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba6110.shtml</A><SPAN> </SPAN></P><P></P><P><SPAN>You should be able to use that with the authentication source (aaa server) being RSA.</SPAN></P></BODY></HTML> Mon, 12 Aug 2013 07:11:34 GMT https://community.cisco.com/t5/network-access-control/rsa-authentication/m-p/2347004#M5179 Marvin Rhoads 2013-08-12T07:11:34Z