https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094254#M921032 <HTML><HEAD></HEAD><BODY><P>Hello Nick,</P><P></P><P>Thank you for answer.</P><P>I'll check that.</P><P></P><P><STRONG>My current scenario:</STRONG></P><P></P><P>ACS v5.x + Active Directory (RADIUS)</P><P>ASA - SSL VPN (authentication radius)</P><P></P><P>I'll need to provide more one factor authentication with another "External Radius Server" and it will request to a OTP.</P><P></P><P>Regards.</P></BODY></HTML> Thu, 13 Dec 2012 19:31:08 GMT rafael.samora 2012-12-13T19:31:08Z https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094252#M921030 <P>Hello,</P><P></P><P>I have one question about how to proceed (maybe one example or suggestion), to do authentication this way:</P><P></P><P><STRONG>Current scenario:</STRONG></P><P></P><P>ACS v5.x + Active Directory</P><P>ASA - SSL VPN (authentication)</P><P></P><P><STRONG>Future scenario:</STRONG></P><P></P><P>ACS v5.x + Active Directory <SPAN style="color: #ff0000;"><STRONG>and</STRONG></SPAN> External RADIUS or OTP (One-time Password)</P><P>ASA - SSL VPN (authentication)</P><P></P><P>Thank you &amp; Regards.,</P> Fri, 21 Feb 2020 12:48:10 GMT https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094252#M921030 rafael.samora 2020-02-21T12:48:10Z https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094253#M921031 <HTML><HEAD></HEAD><BODY><P>You will want to use NPS, the MS radius plugin.&nbsp; It will let AD do the authorization based on the username and will proxy the username and OTP to your 2FA server.&nbsp; </P><P></P><P>We have a helpful eGuide on adding two-factor authentication to your network available without registration here: </P><P><A class="jive-link-external-small" href="http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers">http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers</A><SPAN>.&nbsp; There's a Cisco example network client as well as another VPN and Linux via PAM.&nbsp; (Really, you need to refer to the Cisco docs, it's just for guidance.)&nbsp; While the guide uses the WiKID two-factor system the rest applies to any setup.</SPAN></P><P></P><P>HTH,</P><P></P><P>Nick&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P></BODY></HTML> Thu, 13 Dec 2012 19:01:34 GMT https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094253#M921031 nowen 2012-12-13T19:01:34Z https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094254#M921032 <HTML><HEAD></HEAD><BODY><P>Hello Nick,</P><P></P><P>Thank you for answer.</P><P>I'll check that.</P><P></P><P><STRONG>My current scenario:</STRONG></P><P></P><P>ACS v5.x + Active Directory (RADIUS)</P><P>ASA - SSL VPN (authentication radius)</P><P></P><P>I'll need to provide more one factor authentication with another "External Radius Server" and it will request to a OTP.</P><P></P><P>Regards.</P></BODY></HTML> Thu, 13 Dec 2012 19:31:08 GMT https://community.cisco.com/t5/network-security/two-factor-authentication-acs-vs-asa/m-p/2094254#M921032 rafael.samora 2012-12-13T19:31:08Z