Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2340
Views
5
Helpful
2
Replies

Cisco ASA- AnyConnect VPN - setting MFA

Go to solution
LovejitSingh130013
Level 1
Level 1

‎08-19-2021 10:53 AM

Hello Guys, 

@Rob Ingram  @balaji.bandi   @Richard Burts   @Joseph W. Doherty 

 

I had VPN setup with ASA with AD authentication with one of the server and its working flawless.

I want to setup 2 MFA with Duo or Azure MFA, which is better solution? 

Also, Is there any open-source options exist?

 

The other thing is when I want to setup MFA, I want to setup new instance/Profile of VPN where I can try this thing. 

The question how I can setup each instance/profile of vpn mapped to different dns entry?

 

Like for now, If I connect to vpn.xyz.com it gives me option to choose one of the both profiles. what I want is this:

vpn.xyz.com --> profile1

vpn2.xyz.com --> profile 2

 

Thanks,

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎08-19-2021 11:06 AM

@LovejitSingh130013 

Well this is a cisco forum, so lets just say Cisco DUO is better. It's a matter of opininon/personal experience really.

 

You'll want to use group-url when configuring, check out this link.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

 

View solution in original post

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎08-19-2021 12:39 PM - edited ‎08-19-2021 12:40 PM

Hi @LovejitSingh130013,

As @Rob Ingram said, this is Cisco forum, so we prefer Duo. You have multiple integration options for Duo, and they are all well described. You also have an option to go for a trial with Duo , so you can test it.

I also agree with Rob, you don't need to use different DNS name, you can use different tunnel-groups for this.

BR,

Milos

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎08-19-2021 11:06 AM

@LovejitSingh130013 

Well this is a cisco forum, so lets just say Cisco DUO is better. It's a matter of opininon/personal experience really.

 

You'll want to use group-url when configuring, check out this link.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

 

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to Rob Ingram

‎08-19-2021 12:39 PM - edited ‎08-19-2021 12:40 PM

Hi @LovejitSingh130013,

As @Rob Ingram said, this is Cisco forum, so we prefer Duo. You have multiple integration options for Duo, and they are all well described. You also have an option to go for a trial with Duo , so you can test it.

I also agree with Rob, you don't need to use different DNS name, you can use different tunnel-groups for this.

BR,

Milos

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card