12-13-2012 05:26 AM - edited 02-21-2020 04:48 AM
Hello,
I have one question about how to proceed (maybe one example or suggestion), to do authentication this way:
Current scenario:
ACS v5.x + Active Directory
ASA - SSL VPN (authentication)
Future scenario:
ACS v5.x + Active Directory and External RADIUS or OTP (One-time Password)
ASA - SSL VPN (authentication)
Thank you & Regards,
12-13-2012 11:01 AM
You will want to use NPS, the MS RADIUS plugin. It will let AD do the authorization based on the username and will proxy the username and OTP to your 2FA server.
We have a helpful eGuide on adding two-factor authentication to your network available without registration here:
http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers. There's a Cisco example network client as well as another VPN and Linux via PAM. (Really, you need to refer to the Cisco docs, it's just for guidance.) While the guide uses the WiKID two-factor system the rest applies to any setup.
HTH,
Nick
12-13-2012 11:31 AM
Hello Nick,
Thank you for the answer.
I'll check that.
My current scenario:
ACS v5.x + Active Directory (RADIUS)
ASA - SSL VPN (authentication radius)
I'll need to provide one more factor of authentication with another "External RADIUS Server" and it will request to an OTP.
Regards.