Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11579
Views
4
Helpful
1
Replies

Anyconnect Two factor authentication scenarios

tahequivoice
Level 2
Level 2

‎11-02-2012 06:22 AM - edited ‎02-21-2020 06:27 PM

When using CA based Anyconnect where you have a signed certificate on the ASA itself, and authenticate the user based off an LDAP login, does that qualify as two factor, or does the ASA need to pull the certificate from an internal server that is tied to the users login instead?  Asking because if a company does not use Active Directory, it makes things a bit difficult on the users profiles.

Labels:
0 Helpful
1 Reply 1

Javier Portuguez
Level 9
Level 9

‎11-02-2012 07:52 AM

Hi,

No it is not two-factor authentication.

Please check this out for certificate authentication:

AnyConnect Certificate Based Authentication.

Once you have the LDAP server configured you just define the following:

tunnel-group xxx general-attributes

     authentication-server-group LDAP

!

tunnel-group xxx webvpn-attributes

     authentication aaa certificate

At that point, you will be using two-factor authentication.

Keep me posted.

Portu.

Please rate any helpful posts

Customers Also Viewed These Support Documents