cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
392
Views
5
Helpful
4
Replies
Highlighted

Cisco ASA AnyConnect MFA options

Hello Experts @Richard Burts  @balaji.bandi   @Marius Gunnerud  @Rob Ingram @Marvin Rhoads   @Giuseppe Larosa 

@Aref Alsouqi   @Mohammed al Baqari 

 

I am looking for options for 2nd factor authentication on Cisco ASA Any Connect VPN Connectivity?  Please also what kind of additional license or packages need.

 

I never implemented anything else than Domain authentication for it.

 

Thanks 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

There's many possibilities to solutions you can implement. 

You mention you know about domain integrations. If you're a user of Azure AD you can do O365 MFA with ASA along with SAML 2.0 - this will make your user management and MFA controllable from Office365 Administration.

 

Other solutions would be things like SMSPasscode which can fetch details by LDAP or Radius directly, and get 2FA by Call or SMS - newest version support app I believe as well.

Otherwise Cisco Duo MFA would be excellent, but comes with license requirements of course. 

View solution in original post

4 REPLIES 4
Highlighted
VIP Mentor

Highlighted
Hall of Fame Guru

In general, all of the MFA products (Duo, Okta, Microsoft etc.) are separate from the ASA and require their own licensing and administration. Each works well with an ASA (or FTD) remote access VPN; but it is generally recommended to take into account other systems in use or planned in your organization when choosing an MFA solution.

Highlighted
VIP Expert

You can have Duo is good, i also have good experience SAFEnet / or any MFA is good now a days. it is just addintional security for the layer of security.

 



BB


*** Rate All Helpful Responses ***

Highlighted
Beginner

There's many possibilities to solutions you can implement. 

You mention you know about domain integrations. If you're a user of Azure AD you can do O365 MFA with ASA along with SAML 2.0 - this will make your user management and MFA controllable from Office365 Administration.

 

Other solutions would be things like SMSPasscode which can fetch details by LDAP or Radius directly, and get 2FA by Call or SMS - newest version support app I believe as well.

Otherwise Cisco Duo MFA would be excellent, but comes with license requirements of course. 

View solution in original post

Content for Community-Ad