Is this possible? Multi-factor authentication through a combination of RSA token and Active Directory user account and authorisation using LDAP Security Group member check for remote access VPN in ASA firewalls

damode
Level 1

I am currently working on a POC to achieve Authentication and Authorisation for remote access VPN on ASA firewalls whereby an RSA server and AD user account are used for authentication, and the LDAP Security Group (SG) member check is used for authorisation.

 

Can someone please advise if the above solution is possible to achieve? If yes, please direct me to the right documentation for this.

 

Thanks in advance.

2 Replies

You need to use DAPs to apply security rules such as ACLs based on the memberOf
attribute. This is after successful authentication against LDAP/RSA, which
you can do by configuring an LDAP aaa-server.
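
A sketch of the ASA configuration this reply points to, added here as an example and not taken from the thread: RSA SecurID (SDI) as primary authentication, AD over LDAP as secondary authentication and as the authorization lookup whose memberOf values DAP can match on. The server-group names, tunnel-group name, interface, addresses (documentation range), DNs, ACL name and password placeholder are all assumptions.

```cisco
! Added example: all names, addresses and DNs below are placeholders.
! Factor 1: RSA SecurID server (SDI protocol)
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.10
!
! Factor 2 and authorization source: Active Directory over LDAPS
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.20
 server-type microsoft
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ! The VPN username is matched against this AD attribute, so the RSA
 ! user ID must equal the AD sAMAccountName for the lookup to succeed.
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password-placeholder>
!
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 ! Token code checked by RSA, AD password checked by LDAP,
 ! both against the same username.
 authentication-server-group RSA-SDI
 secondary-authentication-server-group AD-LDAP use-primary-username
 ! Pull the user's LDAP attributes (including memberOf) for DAP, and
 ! reject the session if the user cannot be found in the directory.
 authorization-server-group AD-LDAP
 authorization-required
!
! DAP: deny by default, then permit through a record whose selection
! criteria match the required security group in memberOf. The criteria
! are defined in ASDM and stored in dap.xml, not in the running-config.
dynamic-access-policy-record DfltAccessPolicy
 action terminate
dynamic-access-policy-record VPN-USERS-SG
 network-acl VPN-USERS-ACL
```

With the default record set to terminate, a user who passes both authentication factors but is not in the matched security group is disconnected rather than given default access.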

Hi Mohammed,

Thanks for your response. My only main concern is whether the information retrieved about the user once RSA authenticates would be able to be accurately mapped to what LDAP can accept in order to provide authorisation for that user?
