Does the ASA support RSA/SDI and its challenge-mechanisms (PIN modes) for administrative connection authentication for ASDM?
RSA Token/One-Time-Password support is available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+ with ASDM 6.2+. We incorporated a "caching" function. Unfortunately, this was accomplished via WebVPN - a feature that is not supported via Multi-context mode.
If the firewall is running in multi-context and transparent mode, it won't work. Below is the enhancement request that was filed for the same feature to be supported.
CSCtf23419 ASDM OTP authentication support in multi-context and transparent modes
Symptom: ASDM OTP (one-time-password) authentication support was added in ASA version 8.2 in single-routed-mode only.
Enhancement Request: Provide ASDM OTP authentication for ASA Firewall transparent mode and multi-context mode.
Looks like this is currently not updated in the release notes.
New Features - ASA Version 8.2(1)/ASDM Version 6.2(1)
Remote Access Features
One Time Password Support for ASDM Authentication
ASDM now supports administrator authentication using one time passwords (OTPs) supported by RSA SecurID (SDI). This feature addresses security concerns about administrators authenticating with static passwords.
New session controls for ASDM users include the ability to limit the session time and the idle time. When the password used by the ASDM administrator times out, ASDM prompts the administrator to re-authenticate.
The following commands were introduced: http server idle-timeout and http server session-timeout. The http server idle-timeout default is 20 minutes, and can be increased up to a maximum of 1440 minutes.
In ASDM, see Configuration > Device Management > Management Access > ASDM/HTTPD/Telnet/SSH.
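An added example, not part of the original answer or of Cisco's documentation: a small Python check that reads a running-config text and reports whether ASDM administrator logins are tied to an SDI server group, whether the session controls from the release notes are set, and whether the device is in transparent mode. The sample config, the group name `RSA-SDI` and the addresses are constructed, and context mode is assumed to be checked separately with `show mode`.

```python
import re

# Constructed sample running-config fragment; group name and addresses are made up.
SAMPLE_CONFIG = """\
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (management) host 192.0.2.10
aaa authentication http console RSA-SDI LOCAL
http server enable
http server idle-timeout 20
http server session-timeout 60
"""

def audit_asdm_otp(config):
    """Return a list of findings; an empty list means the checks passed."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # The answer above: OTP for ASDM works in single routed mode only.
    if "firewall transparent" in lines:
        findings.append("transparent mode: ASDM OTP unsupported (CSCtf23419)")

    # AAA server groups declared with the SDI protocol.
    sdi_groups = {m.group(1) for line in lines
                  if (m := re.fullmatch(r"aaa-server (\S+) protocol sdi", line))}
    # Methods used for ASDM (HTTP) administrator logins, in order.
    methods = next((line.split()[4:] for line in lines
                    if line.startswith("aaa authentication http console ")), [])
    if not methods:
        findings.append("ASDM logins do not use an AAA server group")
    elif methods[0] not in sdi_groups:
        findings.append(f"ASDM logins use '{methods[0]}', not an SDI group")

    # Session controls from the 8.2(1) release notes quoted above.
    timeouts = {m.group(1): int(m.group(2)) for line in lines
                if (m := re.fullmatch(r"http server (idle|session)-timeout (\d+)", line))}
    if "session" not in timeouts:
        findings.append("http server session-timeout is not set")
    if timeouts.get("idle", 20) > 1440:   # 20 is the default, 1440 the maximum
        findings.append("http server idle-timeout exceeds the 1440 minute maximum")
    return findings

if __name__ == "__main__":
    for finding in audit_asdm_otp(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```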