
2 Factor Authentication for Administration on ASA

Jonathan Van Vuren
Cisco Employee

A customer has multiple ASAs set up multi-context. They would like to use 2 Factor authentication for admin access control, and have tried unsuccessfully with ACS.

Would this be possible using ISE with the Device Administration License?

From the customer for more color:

We’ve tried it with ACS, and it’s not supported that way either. I think the challenge from what I see in the logs is that there is a reauthentication that occurs every time you switch contexts. That wouldn’t work with SecurID which acts as an OTP.


vibobrov
Cisco Employee

Starting with version 5.5, ACS has the ability to cache the passcode for up to 5 minutes without going back to the RSA server. It will introduce a security hole, but will give you the ability to switch contexts without re-prompts, at least for 5 minutes.

ISE does not have this feature yet.
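
A small model of the trade-off discussed in this thread, added as an illustration and not code from ACS, ISE or either poster: a one-time passcode fails when every context switch triggers re-authentication, while a 5-minute cache lets the same passcode be accepted again. The class names, user name and passcode are constructed for the example.

```python
import hashlib
import hmac

CACHE_TTL = 300  # seconds; the "up to 5 minutes" window from the reply


class OneTimeTokenServer:
    """Stand-in for the token server: each passcode is accepted once only."""

    def __init__(self, valid):
        self._unused = set(valid)  # constructed (user, passcode) pairs

    def verify(self, user, passcode):
        if (user, passcode) in self._unused:
            self._unused.remove((user, passcode))
            return True
        return False


class AaaServer:
    """Hypothetical AAA front end with an optional passcode cache."""

    def __init__(self, token_server, cache_ttl=0):
        self.token_server = token_server
        self.cache_ttl = cache_ttl
        self._cache = {}  # user -> (sha256 of passcode, expiry time)

    def authenticate(self, user, passcode, now):
        digest = hashlib.sha256(passcode.encode()).digest()
        cached = self._cache.get(user)
        if cached and now < cached[1] and hmac.compare_digest(cached[0], digest):
            return True  # served from cache, token server not consulted
        if self.token_server.verify(user, passcode):
            if self.cache_ttl:
                self._cache[user] = (digest, now + self.cache_ttl)
            return True
        return False


def admin_session(aaa, user, passcode, switch_times):
    """Login at t=0, then one re-authentication per context switch."""
    return [aaa.authenticate(user, passcode, t) for t in [0] + list(switch_times)]
```

In this model the cache does not distinguish who presents the passcode, so any submission of the same user and passcode inside the window is accepted without reaching the token server.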
