05-06-2020 09:52 PM
I’m working to get my ISE situated as radius for RA VPN Authentication, authorization and posture. We’re also using MFA for authentication purposes with ISE.
I’m currently planning on to do 60 sec time-out on aaa-server on ASA. Do you think it’s a good value to proceed with? Does anybody have similar setup? What’s is the time-out value you are using and how is working out on you? Thanks
Solved! Go to Solution.
05-08-2020 06:02 AM
60 seconds is a common value used here. Just make sure you think through the math when you setup the MFA connector in ISE. If you setup the timeout to MFA in ISE to 15 seconds with 2 retries that means ISE is going to take 45 seconds to realize the first MFA server is down before switching over to the second. So the 60 second window on the ASA would facilitate that.
05-07-2020 03:02 PM
Some environment it is big if the user only using for device management access, some use case or different.
here is good document i refer always, Loweer is better my suggest.
05-08-2020 06:02 AM
60 seconds is a common value used here. Just make sure you think through the math when you setup the MFA connector in ISE. If you setup the timeout to MFA in ISE to 15 seconds with 2 retries that means ISE is going to take 45 seconds to realize the first MFA server is down before switching over to the second. So the 60 second window on the ASA would facilitate that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide