Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
1
Replies

Anyconnect with ISE

lupingyao
Level 1
Level 1

‎05-11-2016 05:29 AM - edited ‎02-21-2020 08:48 PM

Hi everyone,

I have one question about the authentication for anyconnect user:

I 'd like use the maschine certificate for first authentication(just company PC can connect the vpn), and then must give the AD User for second authentication(different user get different Group Policy through the ISE).

is it possible? when yes, how?

Labels:
0 Helpful
1 Reply 1

carlguer
Level 1
Level 1

‎05-16-2016 04:09 PM

Hello lupingyao,

Yes, that is possible.

You have to configure secondary authentication in your ASA and the Active Directory part will depend on which protocol you are using.

You can refer to this link for the double-authentication:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html

Here you can check the LDAP mapping in case you want to try it:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98634-asa-ldap-group-pol.html

Please rate this post if you find it useful.

Regards. 

- Javier - 

0 Helpful
Customers Also Viewed These Support Documents