10-25-2015 02:47 AM - edited 02-21-2020 08:31 PM
Hello,
i'm searching for an answer is it possible such configuration:
Cisco AnyConnect SSL VPN service with two factor authentication - first method to be certificate from local Microsoft CA and second method - One time password from token solution Symantec VIP?
I know if the two factor authentication was user/password from Active Directory + OTP by the Symantec VIP there will be no problem, because you can send user+pass with Radius, but with the certificates I don't really understand who will verify the certificate validity, what from the certificate we'll send to the RADIUS server for validation and how the configuration from the ASA point of view will look like.
Thank you for the help!
Solved! Go to Solution.
10-26-2015 10:28 PM
Hi Alex ,
I don't see a problem to have certificate + token to connect to the VPN. The certificate authentication should be performed on the ASA , see an example below:
https://supportforums.cisco.com/blog/152941/anyconnect-certificate-based-authentication
The token authentication can be specified as primary/secondary (SDI authentication) on the ASA , an example below:
Hope it helps
-Randy-
10-26-2015 10:28 PM
Hi Alex ,
I don't see a problem to have certificate + token to connect to the VPN. The certificate authentication should be performed on the ASA , see an example below:
https://supportforums.cisco.com/blog/152941/anyconnect-certificate-based-authentication
The token authentication can be specified as primary/secondary (SDI authentication) on the ASA , an example below:
Hope it helps
-Randy-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide