cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11258
Views
4
Helpful
1
Replies
Highlighted
Explorer

Anyconnect Two factor authentication scenarios

When using CA based Anyconnect where you have a signed certificate on the ASA itself, and authenticate the user based off an LDAP login, does that qualify as two factor, or does the ASA need to pull the certificate from an internal server that is tied to the users login instead?  Asking because if a company does not use Active Directory, it makes things a bit difficult on the users profiles.

1 REPLY 1
Highlighted

Hi,

No it is not two-factor authentication.

Please check this out for certificate authentication:

AnyConnect Certificate Based Authentication.

Once you have the LDAP server configured you just define the following:

tunnel-group xxx general-attributes

     authentication-server-group LDAP

!

tunnel-group xxx webvpn-attributes

     authentication aaa certificate

At that point, you will be using two-factor authentication.

Keep me posted.

Portu.

Please rate any helpful posts

Content for Community-Ad