Does the ASA support RSA/SDI and its challenge-mechanisms (PIN modes) for administrative connection authentication for ASDM?
RSA Token/One-Time-Password support is available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+ with ASDM 6.2+. We incorporated a "caching" function. Unfortunately, this was accomplished via WebVPN - a feature that is not supported via Multi-context mode.
If the firewall is running in multi-context and transparent mode, it won't work. Below is the enhancement request that was filed for the same feature to be supported.
CSCtf23419 ASDM OTP authentication support in multi-context and transparent modes
Symptom: ASDM OTP (one-time-password) authentication support was added in ASA version 8.2 in single-routed-mode only.
Enhancement Request: Provide ASDM OTP authentication for ASA Firewall transparent mode and multi-context mode.
Looks like this is currently not updated in the release notes.
New Features - ASA Version 8.2(1)/ASDM Version 6.2(1)
Remote Access Features
One Time Password Support for ASDM Authentication
ASDM now supports administrator authentication using one time passwords (OTPs) supported by RSA SecurID (SDI). This feature addresses security concerns about administrators authenticating with static passwords.
New session controls for ASDM users include the ability to limit the session time and the idle time. When the password used by the ASDM administrator times out, ASDM prompts the administrator to re-authenticate.
The following commands were introduced: http server idle-timeout and http server session-timeout. The http server idle-timeout default is 20 minutes, and can be increased up to a maximum of 1440 minutes.
In ASDM, see Configuration > Device Management > Management Access > ASDM/HTTPD/Telnet/SSH.
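The prerequisites listed in this answer can be checked against a saved configuration. The script below is an added example, not part of the original post or Cisco's tooling: it assumes the output of "show mode" and "show running-config" has been saved into one text, and the function name, the server group name RSA-SDI and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample: "show mode" output followed by running-config lines.
SAMPLE = """\
Security context mode: single
ASA Version 8.2(1)
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.10
aaa authentication http console RSA-SDI LOCAL
http server enable
http server idle-timeout 20
http server session-timeout 60
"""

def audit_asdm_otp(text):
    """Return findings; an empty list means every check passed."""
    findings = []
    # ASDM OTP needs ASA 8.2 or later (per the post above).
    ver = re.search(r"^ASA Version (\d+)\.(\d+)", text, re.M)
    if not ver or (int(ver[1]), int(ver[2])) < (8, 2):
        findings.append("ASA version below 8.2 or not found")
    # Single routed mode only: flag multi-context and transparent mode.
    if re.search(r"^Security context mode:\s*multiple", text, re.M):
        findings.append("multi-context mode: ASDM OTP not supported")
    if re.search(r"^firewall transparent\b", text, re.M):
        findings.append("transparent mode: ASDM OTP not supported")
    # ASDM (HTTP console) authentication must point at an SDI server group.
    sdi_groups = set(re.findall(r"^aaa-server (\S+) protocol sdi\b", text, re.M))
    auth = re.search(r"^aaa authentication http console (\S+)", text, re.M)
    if not auth:
        findings.append("no 'aaa authentication http console' line")
    elif auth[1] not in sdi_groups:
        findings.append(f"ASDM auth group '{auth[1]}' is not an SDI group")
    # Session controls introduced alongside the feature.
    for knob in ("idle-timeout", "session-timeout"):
        if not re.search(rf"^http server {knob} \d+", text, re.M):
            findings.append(f"http server {knob} not set explicitly")
    return findings

if __name__ == "__main__":
    for line in audit_asdm_otp(SAMPLE) or ["all checks passed"]:
        print(line)
```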