10-15-2018 01:56 PM - edited 02-21-2020 08:21 AM
I have been trying to configure 2FA for the ASDM UI for our ASA 5512-X. There has been no success and it seems that there is no software solution. Yes, there is 2FA for AnyConnect and for VPN, but not for an administrator using ASDM. This is something that is being pushed for security reasons of course. Is there anyone who knows how to do it natively, or is there a 3rd party software application that can do the job?
Thank you,
Robert
10-16-2018 01:50 AM - edited 10-16-2018 01:50 AM
Hi,
We use Azure MFA server and the configuration is near identical to creating a RADIUS configuration on NPS. For the ASA, define your RADIUS servers, which is our MFA server, i.e.
aaa-server RADIUS (inside) host x.x.x.x
 timeout 60
 key xxxxx
We increase the timeout value to cater for user input of their preferred MFA method: phone call, SMS, app.
Configure the AAA statements
aaa authentication ssh console RADIUS LOCAL
aaa authentication enable console RADIUS LOCAL
aaa authentication http console RADIUS LOCAL
On the MFA server you need to define the client (ASA) and what AD group etc. an admin is a member of. You may wish to define other RADIUS attributes. That's about it. You can test via the CLI with the below.
test aaa-server authentication RADIUS host x.x.x.x username xxxx password xxxxx
Joel
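One way to check an ASA running-config against the setup in the post above, as an added example that is not code from the thread: it parses the aaa-server and "aaa authentication ... console" lines and reports management channels (http console is the one ASDM uses) that never reach a remote AAA group, or whose server timeout is below the 60 seconds used above. The sample config, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

CHANNELS = ("ssh", "http", "enable")  # "http console" governs ASDM logins

# Constructed sample in the shape of the post above; http is left on LOCAL only.
SAMPLE_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.0.2.10
 timeout 60
 key *****
aaa authentication ssh console RADIUS LOCAL
aaa authentication enable console RADIUS LOCAL
aaa authentication http console LOCAL
"""

def parse_asa_aaa(config):
    """Return (server groups, console auth method lists) from running-config text."""
    groups, console, host = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"aaa-server (\S+) \((\S+)\) host (\S+)", line):
            host = {"ip": m[3], "timeout": None}
            groups.setdefault(m[1], {"hosts": []})["hosts"].append(host)
        elif host is not None and (m := re.match(r"\s+timeout (\d+)", line)):
            host["timeout"] = int(m[1])  # indented sub-command of the host above
        elif m := re.match(r"aaa authentication (\S+) console (.+)", line):
            console[m[1]] = m[2].split()
            host = None
        elif not line.startswith(" "):
            host = None  # any other top-level line ends the host sub-mode
    return groups, console

def audit(config, min_timeout=60):
    """List channels with no remote AAA group or a too-short server timeout.

    Assumes every non-LOCAL group is the MFA-backed server; min_timeout of 60
    mirrors the value in the post and is a site choice, not a Cisco requirement.
    """
    groups, console = parse_asa_aaa(config)
    findings = []
    for ch in CHANNELS:
        remote = [g for g in console.get(ch, []) if g != "LOCAL"]
        if not remote:
            findings.append(f"{ch}: no remote AAA group, so the MFA server is never asked")
        for g in remote:
            for h in groups.get(g, {}).get("hosts", []):
                if (h["timeout"] or 0) < min_timeout:
                    findings.append(f"{ch}: {g} host {h['ip']} timeout under {min_timeout}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "all management channels use remote AAA")
```
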
10-16-2018 10:01 AM
Joel,
Thanks for the reply. We don't use Azure here as everything is on a classified system and the last thing the boss wants to do is to add another server. We currently use TACACS for logging into the firewall per security requirement; I am looking to use a token/CAC solution to meet newer security requirements. The best solution is to be able to reference the CAC/token for identity via a certificate and either verify against AD or the Cisco ISE server's internal identity store.
Again, thank you for your response.