Cisco Community
English
Register
Welcome Cisco Designated VIP 2021 Class in the 10th Year Anniversary of the Program -- CHECK THE LIST
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
3271
Views
0
Helpful
5
Replies
Highlighted
alex.jeglinski1
Beginner
Beginner
‎03-17-2010 07:05 AM
‎03-17-2010 07:05 AM

Clientless SSL VPN - RSA & LDAP

Hi,

Im not sure what Im asking for is even possible. What I would like to do is have the clientless ssl vpn authenticate via RSA and LDAP at the login page. I've been able to configure it for RSA or LDAP but not both. So in the end a user would go to https://outside_int_ip and see the clientless ssl vpn login page and are required to provide username, password, and RSA token number to gain access.

Any thoughts?

Thanks!

-Alex

Labels:
0 Helpful
Reply
5 REPLIES 5
Highlighted
ksirupa
Participant
Participant
‎03-17-2010 09:50 PM
‎03-17-2010 09:50 PM

Hi,

This is possible using the double authentication feature introduced in ASA 8.2 release.

http://www.ciscosystems.li/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp340497

Under the "Clientless Connection Profile", you will now see "Seconday Authentication" option. 

Q: Is there any restriction? Can I have two LDAP, two RADIUS, RADIUS first then LDAP, LDAP first then RADIUS?

A: Yes, all variants are supported. However, Native RSA/SDI is not supported as the secondary authentication server. It must be configured as the primary authentication.

Thanks,

Kiran

Preview file
205 KB
0 Helpful
Reply
Highlighted
jickfoo
Beginner
Beginner
In response to ksirupa
‎06-23-2010 05:59 AM
‎06-23-2010 05:59 AM

Anyone know why RSA Cannot be configured as the secondary ?

This creates a problem for us. Our users are accustomed to putting in their id, their password, and then their PIN+Passcode.

We're forced to prompted them in reverse. This causes issues. Also it's not easily apparent on how to chance the login prompts. ie.. "Second Password" is not very helpful as a prompt.

Any inside would be greatly appreciated.

Thanks,
Justin

0 Helpful
Reply
Highlighted
ksirupa
Participant
Participant
In response to jickfoo
‎06-23-2010 06:21 AM
‎06-23-2010 06:21 AM

Hi,

Please see the attached pics. You can re-order the login prompts and also modify the text in the login prompts using the Customization Editor in ASDM.

Thanks,

Kiran

Preview file
14 KB
0 Helpful
Reply
Highlighted
jickfoo
Beginner
Beginner
In response to ksirupa
‎06-23-2010 06:31 AM
‎06-23-2010 06:31 AM

I got really excited for a second but this doesnt apply to the client right ?

This is just the clientless portal ?

THanks,

Justin

0 Helpful
Reply
Highlighted
ksirupa
Participant
Participant
In response to jickfoo
‎06-23-2010 06:34 AM
‎06-23-2010 06:34 AM

Yes, this is limited to Clientless Portal.

From a recent exchange with developer:

We only support new pin / Next token modes on the primary  server and this is why we make that statement. You can use RSA as a secondary authentication server  if you are not using new pin / Next token modes.

Thanks,

Kiran

0 Helpful
Reply
Latest Contents
SecureX and the Evolution of Security Orchestration Automati...
Created by ciscomoderator on 01-20-2021 02:50 PM
0
0
0
0
Meet the Authors Slides- SecureX and the Evolution of Security Orchestration Automation and Response (Live event – Wednesday, 20th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 6:00 p.m. Paris) This event had place on Wednesday 20th, January 202... view more
Cisco Endpoint Security Analytics (CESA) dashboard overview ...
Created by Jason Kunst on 01-19-2021 12:35 PM
0
0
0
0
The following guide goes over the in and out of the Cisco Endpoints Security Analytics Dashboard as an overview and faq page For more information on the solution please visit the CESA POV page Building content as of 1/19/2021   Most of the informati... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:48 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:46 PM
3
0
3
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 01-15-2021 06:09 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Content for Community-Ad