This document deals with the different types of authentication methods that can be used for AnyConnect VPN on ASA.
Types of authentication
The following authentication methods are available for AnyConnect VPN:
• RADIUS with Password Expiry (MSCHAPv2) to NT LAN Manager (NTLM)
• RADIUS one-time password (OTP) support (state/reply message attributes)
• RSA SecurID (including SoftID integration)
• Active Directory/Kerberos
• Embedded Certificate Authority (CA)
• Digital Certificate/Smartcard (including Machine Certificate support), auto- or user-selected
• Lightweight Directory Access Protocol (LDAP) with Password Expiry and Aging
• Generic LDAP support
• Combined certificate and username/password multifactor authentication (double authentication).
Various encryption methods supported by AnyConnect VPN are listed below:
• Strong encryption, including AES-256 and 3DES-168. (The security gateway device must have a strong-crypto license enabled.)
• Next-Generation Encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (SHA-256 & SHA-384). (Only applies to IPsec IKEv2 connections. Cisco AnyConnect Premium license required.)
From a security standpoint, it does not matter much which encryption method is used, since IKE will encrypt the traffic between the client and the head end anyway.