Cisco AnyConnect Dual Authentication Setup

IT-LDI
Level 1

We are currently using Cisco AnyConnect 4.x to access remotely. We are also running Cisco Firepower, and have Active Directory running.

 

I will start with my first question on this.

 

  1. Do I need to purchase another certificate for the 2nd authentication?

 

I did find this information from Cisco and am hoping that this would be one way to do the dual authentication.

ASA AnyConnect Double Authentication with Certificate Validation, Mapping, and Pre-Fill Configuration Guide - Cisco

 

Thank you,


balaji.bandi
Hall of Fame

Are you looking for Multi-Factor Authentication? What is the version of FTD you are running?

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, I am looking at multifactor authentication for Cisco AnyConnect login. We are running Firepower 6.4.0.4 build 34. I see that the link shows that it can be done.

 

It looks like maybe it can be done from the link you provided.

 

1.JPG

 

Here's what we're running

2.JPG

 

Thank you

Yes, it is possible. Choose the 2-factor authentication method, like any token-based, or Google Authenticator or Azure (based on the requirement).

 

BB


Is it possible with my version of FMC (Firepower Management Console), or must I upgrade it to have Firepower Threat Defense? Is this just purchasing another Cisco license, or do the ASAs need to be upgraded too?

For 2-factor authentication, I do not believe you need an extra license; you need to integrate the 2nd-factor authentication with the vendor you choose.

BB


IT-LDI
Level 1

So it cannot be done directly through the FMC and a 3rd party application needs to be used. Is it because we are running the FMC and not FTD? I thought the link you provided showed that it was possible.
