cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

102
Views
5
Helpful
2
Replies
Cisco Employee

ISE VPN multifactor authentication

Hi all,

 

I am trying to use ISE to implement multi-factor authentication for VPN users. I know the easiest way to do this is to use the secondary authentication in ASA in order to  use two different identity stores and perform multi-factor authentication (I can point the primary authentication to ISE and the secondary authentication to a token server like RSA) however I would like to use ISE as the central point for authentication. Is it possible for ISE to perform Multi-factor authentication for example do a first authentication using the local database and perform a secondary authentication using a token server without enabling the secondary authentication feature in ASA?

Any comments are really appreciated. 

 

Regards!

 

 

2 REPLIES 2
Cisco Employee

Re: ISE VPN multifactor authentication

we have some references mentioned here for 2FA with ASA and ISE.

Thanks,

Nidhi

Cisco Employee

Re: ISE VPN multifactor authentication

Thanks Nidhi, is there a way that ISE can authenticate a user using 2 different Identity stores at the same time? for example authenticate the user against the internal data base and at the same time authenticate against an external data base and only if the user is successfully authenticated against the 2 identity stores allow access?

Regards!