ASA5505 substitute

Hello

 

I am replacing the Cisco ASA5505 firewall with a new one. Users now use the AnyConnect client and traditional username and password authentication.

We want to move on to Azure AD MFA authentication. Is the ASA5506-X already too old or would the FirePOWER 1010 be a more suitable option when using SAML?

 

2 Accepted Solutions

Marvin Rhoads
Hall of Fame

You can make it work with the ASA 5505 but not directly. You'd have to authenticate via RADIUS to NPS with the Azure MFA extension added.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

Or, as @Rob Ingram advised, just go with a 1010 model.

You can then use SAML either with ASA or FTD image on it. (Easier with ASA unless you have FMC since the local FDM manager for FTD doesn't like the Azure certificates as Microsoft generates them.)


4 Replies

esko.junnila@iki.fi a FPR1010 would be preferred, it's newer hardware and runs either ASA or FTD image, both support SAML.

 

https://community.cisco.com/t5/security-documents/configure-anyconnect-with-saml-authentication-on-ftd-managed-via/ta-p/4467779

 

Thanks for help!

Thanks for help!