Showing results for 
Search instead for 
Did you mean: 

RSA/OTP Support for ASDM Authentication only in SINGLE ROUTED MODE





    Does the ASA support RSA/SDI and its challenge-mechanisms (PIN modes) for administrative connection authentication for ASDM?

    RSA Token/One-Time-Password support available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+  with ASDM 6.2+. We incorporated a "caching" function. Unfortunately, this was accomplished via WebVPN - a feature that is not supported via Multi-context mode.

    If the firewall is running in multi-context and transparent mode. It won't work. Below is the enhancement request that was filed for the same feature to be supported.


    CSCtf23419    ASDM OTP authentication support in multi-context and transparent modes

    <B>Symptom:ASDM OTP (one-time-password) authentication support was added in ASA version 8.2 in single-routed-mode only.

    Enhancement Request: Provide ASDM OTP authentication for ASA Firewall transparent mode and multi-context mode.

    Looks like this is currently not updated in the release notes.

    New Features -ASA Version 8.2(1)/ASDM Version 6.2(1)

    Remote Access Features

    One Time Password Support for ASDM Authentication

    ASDM now supports administrator authentication using one time passwords (OTPs) supported by RSA SecurID (SDI). This feature addresses security concerns about administrators authenticating with static passwords.

    New session controls for ASDM users include the ability to limit the session time and the idle time. When the password used by the ASDM administrator times out, ASDM prompts the administrator to re-authenticate.

    The following commands were introduced: http server idle-timeout and http server session-timeout. The http server idle-timeout default is 20 minutes, and can be increased up to a maximum of 1440 minutes.

    In ASDM, see Configuration > Device Management > Management Access > ASDM/HTTPD/Telnet/SSH.


    Content for Community-Ad