Two factor authentication - ACS Vs ASA

rafael.samora
Level 1

Hello,

I have one question about how to proceed (maybe one example or suggestion), to do authentication this way:

Current scenario:

ACS v5.x + Active Directory

ASA - SSL VPN (authentication)

Future scenario:

ACS v5.x + Active Directory and External RADIUS or OTP (One-time Password)

ASA - SSL VPN (authentication)

Thank you & Regards,

2 Replies

nowen
Level 1

You will want to use NPS, the MS RADIUS plugin. It will let AD do the authorization based on the username and will proxy the username and OTP to your 2FA server.

We have a helpful eGuide on adding two-factor authentication to your network available without registration here: http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers. There's a Cisco example network client as well as another VPN and Linux via PAM. (Really, you need to refer to the Cisco docs, it's just for guidance.) While the guide uses the WiKID two-factor system the rest applies to any setup.

HTH,

Nick

Hello Nick,

Thank you for the answer.

I'll check that.

My current scenario:

ACS v5.x + Active Directory (RADIUS)

ASA - SSL VPN (authentication radius)

I'll need to provide one more factor of authentication with another "External Radius Server" and it will request to an OTP.

Regards.
