Showing results for 
Search instead for 
Did you mean: 

ASA 5500 webvpn auth and design questions


I have some questions regarding the webvpnportal

  1. Is it possible to make the thumbnail of a bookmark "clickable"?
    The first thing the users will try is defenetly to click on the thumbnail.
  2. We are using a radius that is connected to the internal AD for authentication, this radius also produces a OTP to
    the users mobile-phone. The user is presented with the OTP-requester after successful authentication with AD-credentials.
    There is no cursor in this field by default, you have to click on the field to enter the OTP. Is it possible to get the cursor
    in the OTP-field by default?
  3. We have enabled SSO for some internal webpages, the SSO doesn't work when the user has logged on to the protal
    with username and password and OTP. When we disables the OTP-demand, the SSO works fine. We can user the
    Internal Password feature, but this requires the users to enter their password twice at logon, which we don't want.
    Our guess is that the CSCO_WEBVPN_PASSWORD stores both the users password and the OTP. Is this a fact?
  4. Is further customization of the webportal design possible? How is this done? I've only seen guides to edit the logon-page.



Hi Fredrik,

I wonder if you could help me to set up ASA for OTP authentication. How do you get to insert OTP after SSL VPN authentication with user AD credentials? I can't figure it out how to configure this part on ASA. Do you use Portal customization or it's sort of redirection to another page where you can insert OTP.

Thanks in advance,



We've used a RADIUS-server from Mideye that sends OTP via SMS to our users.

The setup is something like this:

Cisco ASA <-> Mideye RADIUS <-> Active Directory

1. Installed Mideye and configured it to "relay" authentication-requests to Active Directory.
    Mideye will also read some attributes from the user-objects, such as mobile-phone-number.

2. Configured the Cisco ASA to use the Mideye-server for authentication (using RADIUS).

3. Done

The user enters their credentials on either the portal-page or in AnyConnect.

The credentials are send to Mideye which tries to authenticate the user against Active Directory.

If the authentication is successful the Mideye reads the users mobile-phone-number and sends an SMS with the OTP

The Mideye server then proabaly sends some indication to the Cisco ASA that an OTP is expected from the user.

The user is presented with an OTP-field and enters the information from the received SMS

The OTP-information is verified with the Mideye server, if correct, the user is logged in,

If you would like more information, email me.

Best regards,