This document deals with the different types of authentication methods that can be used for AnyConnect VPN on ASA.
Types of authentication
Following is the list of authentication methods available for AnyConnect VPN:
• RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
• RADIUS one-time password (OTP) support (state/reply message attributes)
• RSA SecurID (including SoftID integration)
• Active Directory/Kerberos
• Embedded Certificate Authority (CA)
• Digital Certificate/Smartcard (including Machine Certificate support), auto- or user-selected
• Lightweight Directory Access Protocol (LDAP) with Password Expiry and Aging
• Generic LDAP support
• Combined certificate and username/password multifactor authentication (double authentication).
Various encryption methods supported by AnyConnect VPN are listed below:
Strong encryption, including AES-256 and 3DES-168. (The security gateway device must have a strong-crypto license enabled.)
Next-Generation Encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (SHA-256 & SHA-384). (Only applies to IPsec IKEv2 connections. Cisco AnyConnect Premium license required.)
From security standpoint, it does not matter much which Encryption method is being used since IKE will anyway encrypt the traffic between the client and the head end.
ASA9.1(5)ASDM 771I used vpn wizards to configure ssl vpn client ( AnyConnect)1- when i try to transfer operations on the asa device, i see this "big list" of commands called AnyConnect_Client_Local_Print ACL !!I couldn't not cancel it and i don't und...
Hi All, Would like some configuration guide on the attached setup for the cisco asa anyconnect behind another firewall. The perimeter firewall will have public IP address natted to the cisco asa interface (using private ip address). However, in this ...
Hello All, I am facing issue in Cisco ISE for Wired Users and would like to get your help. Below are the details 1. We are using ISE version 2.7. 2. Two different series of Cisco Switches 2960x and 9200 3. No issue faced by users who a...