Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

ASA and RSA Securid and TMG

markcervantes
Level 1
Level 1

‎02-05-2018 03:16 PM

Not sure it it's even possible, have never used ASA. We have been tasked with implementing multifactor authentication.  Our plan is to use an ASA vpn with RSA. But our current VPN access is with TMG servers that are configured with their own access permissions. Is it possible to setup a anyconnect vpn connection integrated with RSA SecureID and then create a Microsoft pptp vpn connection to the TMG server in order to use its access rules? If it is possible please send me any reference docs.

Labels:
0 Helpful
1 Reply 1

Jonatan Jonasson
Level 4
Level 4

‎03-29-2018 02:38 PM

Regarding AnyConnect and RSA SecurID integration, yes that is possible and you can use either the SDI protocol or RADIUS between ASA & the SecurID AM.

There are implementation guides availabe from RSA (https://community.rsa.com/docs/DOC-62877 for example) and a number of posts on the Cisco community forums on the subject. This is usually pretty straightforward.

I'm not sure if you can then run Microsoft PPTP to the TMG gateway within the AnyConnect VPN connection.

However, considering additional packet overhead, complexity and I understand that the TMG is end of life, I would suggest that you would look at ways to redesign this remote-access scenario so you would not need multiple VPN solutions on top of each other.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card