01-29-2024 09:16 PM
Hello Team,
Need ideas on how to implement 2FA on cisco AnyConnect for remote VPN.
Currently users are authenticating via Microsoft AD.
Thank you.
01-29-2024 10:58 PM
Hi,
What is the other authentication method you are planning to use?
01-29-2024 11:12 PM
using Google Authenticator so users would have to download an app on their phone which generates an OTP for them to use
01-30-2024 12:06 AM
You can refer to this for configuring the aaa-server :
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/213931-configure-anyconnect-secure-mobility-cli.html#toc-hId-1996450613
Just have to make sure that the other aaa-server must be configured as secondary authentication.
for example:
tunnel-group <name> general-attributesauthentication-server-group <Microsoft AD server>secondary-authentication-server-group <second factor>
01-30-2024 12:14 AM
where do i get the option for "secondary-authentication-server-group <second factor>" ?
01-30-2024 12:29 AM
What is your VPN headend?
01-30-2024 03:22 AM
cisco firepower.
01-30-2024 03:42 AM - edited 01-30-2024 03:43 AM
if you are using FMC then you will have a checkbox under connection profile to use secondary authentication.
01-30-2024 09:06 PM
did that help? or do you have any more queries?
01-30-2024 09:40 PM
trying to figure out how to add a 3rd party aaa > to use as secondary authentication.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
