02-05-2018 05:28 AM - edited 02-21-2020 10:44 AM
I require help to configure Cisco AnyConnect VPN two-factor authentication with ISE. ISE has to authenticate users with domain credentials as the primary factor and a one-time password (OTP), which ISE needs to send after extracting phone information from AD.
Basically, when a user tries to connect with Cisco AnyConnect, the ASA will send a RADIUS authentication request to ISE 2.2. ISE will verify the login credentials against the domain controller, and once user authentication passes, it should prompt for the OTP as the second authentication factor; at the same time, ISE has to send an SMS to the user's mobile number, which it can extract from the domain controller.
Requesting your help in implementing this solution.
Regards
Ashish Shah
02-05-2018 02:47 PM
02-05-2018 09:12 PM
Hi
Thanks for the reply.
I am a bit confused. Basically, how then does ISE send SMS for the Guest portal?
We have an OTP server as well, so how do we set up the Cisco ISE authentication policy for two-factor authentication?
02-06-2018 08:21 AM
02-07-2018 09:10 PM
Hi
We have a third-party OTP server with Windows RADIUS, which we will now be using as the authentication server. So ISE is not involved at all in the authentication process.
Will any configuration related to two-factor authentication be required on the Cisco ASA? Currently I am planning to do the following tunnel-group configuration.
tunnel-group AnyConnect-Test type remote-access
tunnel-group AnyConnect-Test general-attributes
 authentication-server-group RADIUS
 default-group-policy AnyConnect
tunnel-group AnyConnect-Test webvpn-attributes
 group-url https://test.xyz.com/Remote-VPN enable
Regards
Ashish Shah
02-08-2018 06:02 PM