06-15-2006 11:21 AM - edited 03-10-2019 02:37 PM
Hi all,
How can ASA work with external 2-factor authentication, i.e. like RSA?
1. Can we set up as ASA<-->RSA server
or
2. ASA<-->Cisco ACS<-->RSA server??
Thanks a lot in advance.
Regards,
mak
06-18-2006 07:39 PM
Hi Mak,
If you already have a Cisco ACS server there, it will be advisable to do the AAA through it [via TACACS+] and forward the user authentication [in Cisco ACS] to an external [password] database server like the RSA ACE server [via the SDI plug-in in Cisco ACS].
That is, on the ASA box implement AAA via TACACS+ [running on your Cisco ACS server] and verify the Authentication via the Cisco ACS database.
Then, in the Cisco ACS server configuration, firstly configure an external database server (via the SDI server plug-in) to forward the requests to your RSA ACE server, and then configure the required [ASA] users to verify their password on this external [password database] server.
Daniel
06-21-2006 07:38 AM
ASA supports additional AAA server types - kerberos, ldap, nt, radius, sdi, or tacacs+. See http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/aaa.htm#wp1053066
I have done RSA token server by using RADIUS - with ACS between, and also direct PIX-RSA.
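
The layouts discussed in this thread, sketched as an ASA configuration. This is an added example, not a configuration posted by any participant; the server-group names, the `inside` interface, the 192.0.2.x addresses and the shared-secret placeholders are all constructed.

```cisco
! --- Option 1: ASA <--> RSA server directly (native SDI protocol) ---
! No shared key is configured here; the RSA server must have the ASA
! registered as an agent host.
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.20

! --- Option 2: ASA <--> Cisco ACS <--> RSA server ---
! The ASA only speaks TACACS+ to ACS. ACS is configured separately to use
! the RSA server as an external user database for the relevant users.
aaa-server ACS-TAC protocol tacacs+
aaa-server ACS-TAC (inside) host 192.0.2.10
 key <shared-secret-placeholder>

! --- Variant of option 2: RADIUS to ACS instead of TACACS+ ---
aaa-server ACS-RAD protocol radius
aaa-server ACS-RAD (inside) host 192.0.2.10
 key <shared-secret-placeholder>

! --- Bind one server group to a login method ---
! LOCAL is consulted only when no server in the group responds, so it
! serves as break-glass access rather than a second way to log in.
aaa authentication ssh console ACS-TAC LOCAL
```

Only one server group is referenced by a given authentication statement; the three definitions are shown together for comparison.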