Cisco Employee

2 Factor Authentication for Administration on ASA

A customer has multiple ASAs set up multi-context. They would like to use 2 Factor authentication for admin access control, and have tried unsuccessfully with ACS.

Would this be possible using ISE with the Device Administration License?

From the customer for more color:

We’ve tried it with ACS, and it’s not supported that way either. I think the challenge from what I see in the logs is that there is a reauthentication that occurs every time you switch contexts. That wouldn’t work with SecurID which acts as an OTP.

Cisco Employee

Starting with version 5.5, ACS has the ability to cache the passcode for up to 5 minutes without going back to the RSA server. It will introduce a security hole, but will give you the ability to switch contexts without re-prompts, at least for 5 minutes.

ISE does not have this feature yet.
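
A minimal Python model of the trade-off described in this thread, added here as an illustration and not taken from ACS, ISE or either poster: a one-time passcode fails on the re-authentication that a context switch triggers, and a 5-minute cache lets it pass while also accepting that same passcode from whoever presents it during the window. The class names, the sample user and the passcode are constructed, and the cache logic is an assumption, not ACS's actual implementation.

```python
import hashlib

CACHE_TTL = 300  # seconds; the 5-minute figure from the reply above


class OneTimeBackend:
    """Stand-in for a token server: each passcode is accepted once only."""

    def __init__(self, valid):
        self.valid = set(valid)      # constructed (user, passcode) pairs
        self.used = set()

    def check(self, user, passcode):
        key = (user, passcode)
        if key not in self.valid or key in self.used:
            return False
        self.used.add(key)
        return True


class CachingFrontEnd:
    """Stand-in for an AAA server that caches an accepted passcode (assumed logic)."""

    def __init__(self, backend, ttl=CACHE_TTL):
        self.backend, self.ttl, self.cache = backend, ttl, {}

    def authenticate(self, user, passcode, now):
        digest = hashlib.sha256(f"{user}:{passcode}".encode()).hexdigest()
        expiry = self.cache.get(digest)
        if expiry is not None and now < expiry:
            # Accepted without asking the backend: the hit depends only on the
            # username and passcode, so a captured passcode works here too.
            return "cache"
        self.cache.pop(digest, None)
        if self.backend.check(user, passcode):
            if self.ttl > 0:
                self.cache[digest] = now + self.ttl
            return "backend"
        return "reject"


def admin_session(ttl):
    """Log in at t=0, then switch context at t=60 and t=400 with the same passcode."""
    fe = CachingFrontEnd(OneTimeBackend({("admin", "123456")}), ttl)
    return [fe.authenticate("admin", "123456", t) for t in (0, 60, 400)]
```

With `ttl=0` the second authentication is rejected, which matches the behaviour the customer saw in the logs; with the 300-second cache it is accepted until the entry expires.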
