01-24-2021 06:52 PM
Hello Experts @Richard Burts @balaji.bandi @Marius Gunnerud @Rob Ingram @Marvin Rhoads @Giuseppe Larosa
@Aref Alsouqi @Mohammed al Baqari
I am looking for options for 2nd-factor authentication on Cisco ASA AnyConnect VPN connectivity. Please also advise what kind of additional license or packages are needed.
I have never implemented anything other than domain authentication for it.
Thanks
01-25-2021 10:09 AM
There are many possible solutions you can implement.
You mention you know about domain integrations. If you're a user of Azure AD you can do O365 MFA with ASA along with SAML 2.0 - this will make your user management and MFA controllable from Office365 Administration.
Other solutions would be things like SMSPasscode, which can fetch details by LDAP or RADIUS directly and do 2FA by call or SMS - the newest version supports an app as well, I believe.
Otherwise Cisco Duo MFA would be excellent, but comes with license requirements of course.
01-24-2021 11:48 PM
There are many, many MFA solutions, such as Cisco Duo https://duo.com or Okta https://www.okta.com/products/adaptive-multi-factor-authentication/.
01-25-2021 12:34 AM
In general, all of the MFA products (Duo, Okta, Microsoft etc.) are separate from the ASA and require their own licensing and administration. Each works well with an ASA (or FTD) remote access VPN; but it is generally recommended to take into account other systems in use or planned in your organization when choosing an MFA solution.
01-25-2021 03:05 AM
You can have Duo, which is good; I also have good experience with SafeNet, or any MFA is good nowadays. It is just additional security for the layer of security.
06-13-2022 08:00 AM
Hello @Marvin Rhoads @Rob Ingram @AViftrup @balaji.bandi
I had a profile set up with Azure MFA and it is working flawlessly, but AnyConnect only prompts for credentials and goes through MFA the first time and then keeps connecting automatically.
I want it to reprompt for credentials at least once a week.
06-13-2022 08:15 AM
@LovejitSingh130013 define the VPN timeout (vpn-session-timeout) so the session ends after x minutes and the user is forced to re-authenticate.
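Added example, not part of the original replies: the session timeout suggested above, set to one week in an ASA group policy, shown beside a policy with no limit. The group-policy name GP-ANYCONNECT is a hypothetical placeholder; use the policy your AnyConnect connection profile actually applies.

```cisco
! Constructed example; GP-ANYCONNECT is a hypothetical group-policy name.

! Before: no maximum connect time, so an established session is never
! forced back through authentication.
group-policy GP-ANYCONNECT attributes
 vpn-session-timeout none

! After: cap the session at one week (7 days x 24 h x 60 min = 10080 minutes).
! When the cap is reached the ASA ends the session and the next connection
! has to authenticate again.
group-policy GP-ANYCONNECT attributes
 vpn-session-timeout 10080
```

The value is in minutes and is a maximum connect time, counted from session start regardless of activity.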
06-13-2022 10:23 AM