cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1160
Views
5
Helpful
2
Replies
Highlighted
Cisco Employee

2 Factor Authentication for Administration on ASA

A customer has multiple ASAs set up mulit context. They would like to use 2 Factor authentication for admin access control, and have tried unsuccesfully with ACS.

Would this be possible using ISE with the Device Administration License?

From the customer for more color:

We’ve tried it with ACS, and it’s not supported that way either. I think the challenge from what I see in the logs is that there is a reauthentication that occurs every time you switch contexts. That wouldn’t work with SecurID which acts as an OTP.

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 2 Factor Authentication for Administration on ASA

2 REPLIES 2
Cisco Employee

Re: 2 Factor Authentication for Administration on ASA

Cisco Employee

Re: 2 Factor Authentication for Administration on ASA

Starting with version 5.5, ACS has the ability to cache the passcode for up to 5 minutes without going back to the RSA server. It will introduce a security hole, but will give you the ability to switch contexts without re-prompts, at least for 5 minutes.

ISE does not have this feature yet.