01-29-2024 09:16 PM
Hello Team,
Need ideas on how to implement 2FA on cisco AnyConnect for remote VPN.
Currently users are authenticating via Microsoft AD.
Thank you.
01-29-2024 10:58 PM
Hi,
What is the other authentication method you are planning to use?
01-29-2024 11:12 PM
using Google Authenticator so users would have to download an app on their phone which generates an OTP for them to use
01-30-2024 12:06 AM
Hi,
You can refer to this for configuring the aaa-server :
Just have to make sure that the other aaa-server must be configured as secondary authentication.
for example:
tunnel-group <name> general-attributes
authentication-server-group <Microsoft AD server>
secondary-authentication-server-group <second factor>
01-30-2024 12:14 AM
where do i get the option for "secondary-authentication-server-group <second factor>" ?
01-30-2024 12:29 AM
Hi,
What is your VPN headend?
01-30-2024 03:22 AM
cisco firepower.
01-30-2024 03:42 AM - edited 01-30-2024 03:43 AM
Hi,
if you are using FMC then you will have a checkbox under connection profile to use secondary authentication.
for example:
01-30-2024 09:06 PM
Hi,
did that help? or do you have any more queries?
01-30-2024 09:40 PM
trying to figure out how to add a 3rd party aaa > to use as secondary authentication.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide