04-07-2022 07:48 AM
Hello
I am replacing the Cisco ASA5505 firewall with a new one. Users now use the AnyConnect client and traditional username and password authentication.
We want to move on to Azure AD MFA authentication. Is the ASA5506-X already too old or would the FirePOWER 1010 be a more suitable option when using SAML?
04-07-2022 07:54 AM
esko.junnila@iki.fi a FPR1010 would be preferred, it's newer hardware and runs either ASA or FTD image, both support SAML.
04-07-2022 08:30 AM
Thanks for help!
04-07-2022 09:20 AM
You can make it work with the ASA 5505 but not directly. You'd have to authenticate via RADIUS to NPS with the Azure MFA extension added.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
Or, as @Rob Ingram advised, just go with a 1010 model.
You can then use SAML either with ASA or FTD image on it. (Easier with ASA unless you have FMC since the local FDM manager for FTD doesn't like the Azure certificates as Microsoft generates them.)
04-07-2022 09:36 AM
Thanks for help!